Facebook F8 - We Are The Enemy!
Thursday, 03 May 2018

F8 is a strange developer conference and it's the conference and the developers who are strange. The first reason it's strange is that most of its announcements that make the headlines are user-oriented. The second reason it is strange is that developers are the enemy.


Consider the situation. Facebook is in trouble because Cambridge Analytica acquired data that it wasn't supposed to get. Put this another way - an app breached Facebook's terms of service and harvested data without user permission. An app made by developers, and hence the reason that we are the enemy.

I have to say at this early stage that we are the enemy, but nothing at F8 gives any explicit hints that this is the case. But if you look carefully you will see that defence is the objective.

To restore some sort of faith in the company, assuming this is possible, Facebook has to find ways to control us in the use of its APIs. This is like trying to herd cats. One way to herd cats is to lock them in a room and throw away the key. Facebook stopped app reviews after the scandal broke, but announced that they would be re-opened on Day One of F8. Well they really didn't have much choice. What point is a developer conference when you have locked all of their apps in a room and refuse to let them see the light of day?

The new review process is going to be tougher:

"As we shared in today's F8 keynote, we're re-opening app review, a process that Facebook uses as a way to help ensure the best possible Facebook experience for your app's audience. We made several updates to the review process that enables stronger enforcement of our Platform Policies."

The two main changes are:

  • App developers requiring certain API permissions will be required to verify their business and sign a supplemental terms contract. This contract introduces additional security requirements and other provisions around data. Businesses can be verified by providing forms of documentation including utility bills, business licenses, certificates of formation, articles of incorporation, tax ID numbers, and others.

  • Any business who builds with the Facebook platform to serve other businesses as a third-party tech provider must also sign an additional contract. The tech provider contract restricts the usage of data for the sole purpose of servicing the customer on behalf of whom the data is collected. Large customers using third-party tech providers may be subject to app review and may be required to sign the supplemental terms.

What about existing apps?

"For existing apps, a new app review is required by August 1, 2018 in order to maintain approved status. Due to changes to the review process and the high volume of submissions expected, it may take several weeks for submitted apps to complete review."

There is also an update to the Graph API with the launch of Graph API 3.0. Many of the permissions and features now require App Review. A whole set of data fields have been deprecated and five new permissions have been added. There are far too many new restrictions and changes to list completely here, but you get the general idea. One change that is slightly surprising is that now apps running in developer mode will only return data from users that have a role in the app - admin, developer or tester - you mean apps in development weren't already boxed in?

The Facebook login has also been modified to increase security: 

  • Restricting Data: simplifying public profile, deprecating profile fields, and limiting user profile links to protect people’s privacy

  • Handling Token Expiration: offering you new tools to handle a user's token expiration and refresh gracefully

  • Introducing Personal Data Deletion Callback: providing a callback URL to receive a person’s request that the info an app received from Facebook be deleted

  • Clarifying Business Integrations: showing these services as a distinct list separate from apps

The user data deletion callback is particularly interesting as we are expected to give the user a way to track and check that any data provided by Facebook has been deleted. It will be interesting to see how this works or, more accurately, is enforced.

There is some more general news as well as restrictions. The Facebook Ads SDK has been replaced by the Business SDK. There is a new In-App Purchase API for instant games. Also there is news about AR and AI which is covered in other news items - Oculus go and more AR/VR at f8

I leave you with a final quote from the Facebook Developer News blog:

"When we launched the Facebook platform eleven years ago, it was impossible to imagine all the innovative ways developers would use the social graph to build a more connected world."

Truer words have never been spoken - "impossible to imagine".


More Information

Day 1 of F8 2018: Developer News Roundup

Day 2 of F8 2018: Developer News Roundup

Related Articles

Oculus go and more AR/VR at f8

New Developer Tools Unveiled At F8

F8 - What's New For Facebook

React 15.5 Gets Ready For Rewrite 

New Challenge - Create A Better Facebook

Apps Have to Give Back to Facebook

Facebook Hacker Cup 2017 Kicks Off  

Facebook vs Google - Developer's Take

Facebook Rolls Out Its Own App Center

Facebook Inviting Devs to Apply

To be informed about new articles on I Programmer, sign up for our weekly newsletter, subscribe to the RSS feed and follow us on Twitter, Facebook or Linkedin.



Amazon Updates Q Family And Previews App Studio

Amazon made multiple announcements at its AWS Summit in New York, including a preview of AWS App Studio, the addition of Q Developer to SageMaker Studio, and an Amazon Q Apps API.

htmx 2 Released - The Next Big Thing?

htmx seems to have crept up on us programmers - perhaps because we are programmers. Is this the next big thing and is it a JavaScript killer?

More News

Last Updated ( Thursday, 03 May 2018 )