Facebook To Expand Bug Bounty Program To Include Misuse of Data By App Developers.
In the wake of growing Cambridge Analytica Scandal, Facebook have made some of the following changes and increase its Bug bounty Program
- Pause app review: We paused app review last week while we implement new changes to our platform.
- Access to user friends requires Login Review: We are treating user_friends as an extended permission that requires Login Review.
Facebook said in post that, in the upcoming days and beyond, we will:
- Conduct an in-depth review of our platform: We will investigate all apps that had access to large amounts of information before we changed our platform in 2014 to reduce data access, and we are conducting a full audit of any app with suspicious activity.
- Inform people if an app is removed for data misuse: If we find developers that misused personally identifiable information, we will ban them from our platform. Moving forward, if we remove an app for misusing data, we will notify everyone who used it.
- Encourage people to manage the apps they use: We already show people what apps their accounts are connected to and control what data they’ve permitted those apps to use. In the coming month, we’re going to make these choices more prominent and easier to manage.
- Require heightened terms for business-to-business applications: All developers that build applications for other businesses will need to comply with rigorous policies and terms, which we will share in the coming weeks.
- Reward people who find vulnerabilities: Facebook’s bug bounty program will expand so that people can also report to us if they find misuses of data by app developers. We are beginning work on this and will have more details as we finalize the program updates in the coming weeks.
Last week, Facebook CEO Mark Zuckerberg Admits It is "Breach of Trust" on Cambridge Analytica Scandal. and said,
"We have a responsibility to protect your data, and if we can't then we don't deserve to serve you. I've been working to understand exactly what happened and how to make sure this doesn't happen again. The good news is that the most important actions to prevent this from happening again today we have already taken years ago. But we also made mistakes, there's more to do, and we need to step up and do it."
Facebook team takes action on this breach and announced to increase Bug Bounty Program for security researchers.