Facebook maintained secret deals with a handful of companies, allowing them to gain "special access to user records," long after it cut off most developers' access to such user data back in 2015, according to a new Friday report by the Wall Street Journal, citing court documents it did not publish and other unnamed sources.
These arrangements, which were known as "whitelists," reportedly allowed "certain companies to access additional information about a user’s Facebook friends," including phone numbers.
Numerous companies, including the Royal Bank of Canada and Nissan Motor Company, apparently maintained such deals.
Ime Archibong, Facebook’s vice president of product partnerships, told the Journal that the company had allowed some companies to have "short-term extensions" to this user data.
“But other than that, things were shut down," he said.
The new report on Facebook is separate from the other disclosure of data sharing with 60 device makers, and the other recent revelation that a "bug" made private posts of 14 million users public.
The news comes as Facebook is attempting to rehabilitate its public image. Since April 25, Facebook has run a national marketing campaign, including television spots that have aired during the NBA Finals, in an attempt to improve the company’s image and its "commitment to doing better."
"People come to Facebook first and foremost to connect with friends and family, however they have concerns about issues on the platform like fake news, data misuse, click bait, and spam," Lisa Stratton, a company spokeswoman, emailed Ars earlier this week. "We are taking a broader view of our responsibilities, and we hope this campaign will show that we take that responsibility seriously and are working to improve Facebook for everyone."
Facebook did not immediately respond to Ars’ request for comment.
UPDATE 8:09pm ET: Spokeswoman Katy Dormer told Ars that Facebook would not provide a full list of the companies that Facebook provided such extensions to.
When asked why Facebook users should continue to trust the company given the recent post-Cambridge Analytica spat of news stories involving previously unknown data sharing deals and errors, she said that Facebook takes its responsibility to protect users' data "very seriously."
Dormer added that the court documents the Journal was referring to had to do with an ongoing legal dispute involving a company known as Six4Three, which has sued Facebook multiple times in the Superior Court of San Mateo County and also federal court in San Francisco in recent years.
She also provided a statement from Archibong.
“For the most part this is a rehash of last week-end's New York Times story — namely that we built a set of device integrated APIs used by around 60 companies to create Facebook-like experiences,” he wrote.
“In April 2018, we announced that we were winding these down. In terms of our Platform APIs, the Journal has confused two points. In 2014, all developers were given a year to switch to the new, more restricted version of the API. A few developers including Nissan and RBC asked for a short extension — and those extensions ended several years ago. Any new 'deals', as the Journal describes them, involved people's ability to share their broader friends' lists — not their friends' private information like photos or interests — with apps under the more restricted version of the API.”