Facebook said Friday that it has suspended “tens of thousands” of apps made by about 400 developers as part of an investigation following the Cambridge Analytica scandal.
The announcement came the same day that unsealed legal documents in Massachusetts disclosed that Facebook had suspended 69,000 apps. In the vast majority of cases, however, the suspensions came not after any kind of serious investigation but because app developers had failed to respond to emailed information requests.
Starting in March 2018, Facebook began looking into the apps that have access to its users’ data. The probe came after revelations that data mining firm Cambridge Analytica used ill-gotten data from millions of Facebook users through an app, then used the data to try to influence U.S. elections.
It led to a massive backlash against Facebook that included CEO Mark Zuckerberg being called to testify before Congress. The company is still trying to repair its reputation.
Facebook said Friday its app investigation is ongoing and it has looked at millions of apps so far.
The company said it has banned a few apps completely and has filed lawsuits against some, including in May against a South Korean data analytics company called Rankwave. In April, it sued LionMobi , based in Hong Kong, and JediMobi, based in Singapore, which the company says made apps that infected users’ phones with malware.
Facebook settled with the Federal Trade Commission for a record $5 billion this summer over privacy violations that stemmed from the Cambridge Analytica scandal. The company said the FTC agreement “will bring its own set of requirements for bringing oversight to app developers. It requires developers to annually certify compliance with our policies” and that developers who don’t do this will be “held accountable.”
Also on Friday, a judge unsealed a subpoena by the Massachusetts attorney general demanding that the social network disclose the names of apps and developers that obtained data from its users without their consent. It also asked for all Facebook internal communications about those apps.
The state began investigating Facebook when the Cambridge Analytica scandal broke. But the company refused to identify any of the apps or developers, and the subpoena would have remained confidential under Massachusetts law had Facebook not insisted on keeping it and related exhibits secret.
Massachusetts Attorney General Maura Healey’s consumer protection division had sought data on apps from prior to 2014, when Facebook announced changes to the platform to restrict access to user data.
Facebook tried to redact the subpoena in negotiations before Friday’s ruling by state Judge Brian A. Davis. But Healey’s office fought to limit the redacted sections.
Facebook did disclose that it had identified more than 10,000 apps that “show characteristics associated with higher risks of data misuse” but did not identify any of them.
The state attorney general noted that Facebook had allowed developers to integrate at least 9 million apps into the platform as of 2014 and had, for many years, allowed developers to access user data, including photos, work history, birthdates and “likes.” This applied not just from people who installed the apps but also to their Facebook friends who did not.
The unsealed subpoena also says that Facebook informed the Massachusetts attorney general’s office that it had identified about 2 million apps “as warranting a closer examination for potential misuses of Facebook user data.”
That suggests that, five years ago, more than one in four apps may have been accessing Facebook users’ data without their knowledge or consent.