How to prohibit apps on Facebook from accessing your data?

Without your noticing, information from your Facebook profile could flow to strangers. We explain how you can limit that.

The essentials in brief:

Facebook apps are small programs like games, surveys or tests. If you use these apps, you may also give third parties access to your Facebook data.
It is often enough to use your Facebook account as a login on other websites.
You can achieve better data protection if you make as little information about yourself publicly visible as possible and do not take part in games on Facebook.
The Facebook app center has a lot of games.

Caution applies in the Facebook app center: some of the games can be granted access to your data and would like to post contributions to your profile.

It’s practical: Don’t create a new account with the newspaper’s ePaper, just use the Facebook login. This is called single sign-on and is described in more detail here . Or funny: to find out which animal you could be reborn as. Facebook offers such opportunities. This usually requires small applications that run on Facebook and are called apps in the social network . Do you know how many apps you have activated on Facebook and which of your data they access? Not to mention what the providers of these apps do with your data …

The first tip sounds succinct: Use only those applications that you really need and find out what happens to your data (for example in the provider’s privacy policy). Stay away from tests that tell you which movie character you are like, who is really in love with you, or whatever is on offer. Once tapped, data can no longer be captured! If there is too much spam or SMS garbage, the only thing that helps is new e-mail addresses and cell phone numbers.

Tip two : In the Facebook settings (login required) you can regulate what such apps are allowed to do with the information in your Facebook profile and which of your Facebook data they are allowed to access. It works like this:

Setting the apps on Facebook on the smartphone / tablet

  • Open the “Facebook” app on your mobile phone or tablet (if installed).
  • Open the “menu” (the three horizontal lines).
  • Swipe up and tap Settings & Privacy.
  • Tap on “Settings”.
  • If necessary, swipe up and tap on ” Apps and websites “.
  • If you’re using apps with your Facebook profile, you’ll see a box that says “Signed in with Facebook”. There tap on “Edit”.
  • You can tap any individual app. There you will then be listed which of your profile information the application is allowed to access and who can see on Facebook that you are using this app. You can change some of these by tapping the appropriate words.
  • If you no longer want to use the app, swipe up and tap “Remove app” at the bottom of the page.

Setting the apps on Facebook on the PC

  • After logging into Facebook, click the circle with the triangle in the top right corner.
  • Click on Settings and Privacy, then click Settings.
  • Click on ” Apps and websites ” in the left navigation bar.
  • The running apps are displayed in boxes. Click on this to see the app’s permissions and, if necessary, to change them or to remove the application.
  • Set access rights for apps on Facebook
  • If you now see that you have activated apps on Facebook, you can manage the permissions for data access. For each app, it is shown individually which of your Facebook data it can access. Most should require “Public Profile”. You may be able to remove many other checkmarks (such as “publish content on your behalf”). Of course, the application may then no longer work as it should. However, we recommend allowing as little as possible . If a checkmark cannot be removed and you do not want to allow the application to access the data or function, you ultimately have no choice but to remove the app.

Incidentally, Google also offers its users an overview that is comparable to that of Facebook. There the area is called ” Apps with Account Access “.

What apps could do with your information
There are apps that comment, like or even write other posts on your behalf. There are known cases in which Facebook users suddenly advertise fake shops in posts without knowing or wanting to. Many phishing emails or scam SMS (eg ” parcel service ” and ” voicemail “) are often sent in waves after someone has compiled public information from social network profiles. Scraping is the technical term for it.

In addition, the app operators can also use the data received for their own purposes in the background. Example: You have given an app access to its public profile and are showing your relationship status publicly. The app can collect this information and send it to the operator. This could, among other things, learn

whether you are in a relationship,
what sexual orientation you have.
This is important personal information. Sexual orientation, for example, is particularly worthy of protection under current data protection law. That means: if you want to know that from you, you must have a special interest in it and be able to justify it. And you usually have to give your express consent to their use.

What could happen to it? Not only are advertisements conceivable that are tailored precisely to you and thus seduce you into making a purchase even more easily. It can be worse in other countries, where certain sexual orientations are punishable. In addition, personal data such as e-mail addresses and mobile phone numbers can be collected in this way and published as a so-called leak. This is what happened, for example, at Easter 2021 . The scandal surrounding Facebook and the British consulting firm Cambridge Analytica shows that data obtained in this way can also be used to influence your decisions and even to manipulate elections.

“Apps used by other users”
Until the beginning of April 2018, Facebook also offered the option for users to determine which of their data could be accessed by apps that their friends had activated. “Apps used by other users” was the name of the area that has since been removed. According to Facebook, apps are generally no longer allowed to access information from friends. Cambridge Analytica had taken advantage of this opportunity with an app called “This Is Your Digital Life”.

Facebook user data leaks
Leak means the unauthorized publication of information. In connection with apps that are operated on Facebook, a number of major leaks have become known in the past. Examples:

Data from 1.5 billion Facebook members on offer
In early October 2021, the Romanian Internet security portal PrivacyAffairs.com reported that data collected from 1.5 billion Facebook members would be offered for sale on the Darknet. This would affect half of all Facebook users worldwide. The authors of the website emphasize that there is no evidence of a security breach or hack on Facebook and that no passwords have been published. The data records should contain the following information (if they were provided by those concerned on Facebook): Name, email address, telephone number, place of residence, gender and user ID. Two days later, the offer was removed from the hacker forum.

530 million Facebook user data published
On the Easter weekend of 2021, a report shocked numerous Facebook members: Personal data of more than 530 million of them are said to have been published on the Internet. This should also include data from around 6 million users in Germany. According to media reports, they were stolen from a security hole that Facebook claims to have closed in August 2019. At that time, mobile phone numbers from Facebook profiles, among other things, were unencrypted. A few days after the so-called leak became known, Facebook stated that the information was probably collected through scraping (i.e. the automated collection of publicly available data). As described above, apps create the possibilities for this.

267 million Facebook user data openly online
Between December 4 and 19, 2019, the personal data of 267 million Facebook users was unprotected on the Internet. The data sets contained, among other things, user names, Facebook ID, telephone numbers, said security researcher Bob Diachenko on Twitter. The data could have been collected through misuse of Facebook interfaces (API) and used, for example, for phishing or SMS spam.

App developers stored data publicly on Amazon
On April 3, 2019, it became known that the Mexican company Cultura Colectiva had stored various user data in a publicly accessible manner on Amazon’s cloud servers. US media reported that 540 million records were there and were removed after they became known. The developers of an app called “At the Pool” also saved 22,000 records publicly – including passwords and e-mail addresses. The data leaks did not occur directly on Facebook, but they show that the social network does not appear to have extensive controls on developers for apps that run on the Facebook platform. This case is reminiscent of the scandal surrounding the British consultancy Cambridge Analytica  in March 2018.

Data breach with photos
On December 14, 2018, Facebook announced in a blog post that app developers had the opportunity to access photos from around 7 million users, even if they were not uploaded publicly. The data leak existed from September 13 to 25, 2018. Facebook users can check a special help page to see whether they are affected.

If you want to end your Facebook membership, you can delete your profile on the following page: https://www.facebook.com/help/delete_account

This means that your profile and all your details can no longer be found by others. However, it is unclear whether all of your data will actually be irrevocably deleted from the Facebook servers.

This content was created by the consumer advice center in  North Rhine-Westphalia for the network of consumer advice centers in Germany.