http://blogs.wsj.com/digits/2010/10/18/some-facebook-apps-return-after-privacy-breach/

October 18, 2010

Some Facebook Apps Return After Privacy Breach

At least some of the apps that Facebook appeared to have shut down over the weekend after Wall Street Journal reporters inquired [1] about a privacy breach have been reinstated.

"We're back!," said Arjun Sethi, the CEO of LOLapps Media Inc., in a blog post. [2] LOLapps makes applications like Gift Creator, with 3.5 million monthly active users; Quiz Creator, with 1.4 million monthly active users; and Colorful Butterflies.

The applications were shut down amid news that many of the most popular apps were transmitting user IDs to dozens of advertising and Internet tracking companies. The Journal found that some LOLapps applications were transmitting users' Facebook ID numbers to a company called RapLeaf Inc. RapLeaf then linked those numbers to dossiers it had already assembled on those people, and it transmitted Facebook IDs to a dozen other advertising and data firms, Emily Steel and Geoffrey Fowler reported.

RapLeaf said the transmission was inadvertent. After being contacted by the Journal about the issue, RapLeaf said it had taken "extra steps to strip out identifying information" from the information it shares with its partners and introduced an additional audit process to protect people from the transfer of such information.

Facebook said [3] that "in most cases, developers did not intend to pass this information, but did so because of the technical details [4] of how browsers work." Mr. Sethi wrote that LOLapps fell into that category, although he did not say that the problem was what led to the apps being shut down.

He also wrote that LOLapps had "immediately dissolved" the relationship that had caused it to run afoul of Facebook. He did not specify whether that relationship was with RapLeaf.

LOLapps was not the only app maker that went down over the weekend. Phrases, which has more than 43 million monthly users according to application-metrics firm AppData, remained down Monday morning, although the reason was unclear. In response to a reporter's question on Sunday, a Phrases representative said in an email that the app had been using coding in Facebook's app platform that passes the user ID number to authorized applications to enable them to tap into Facebook profiles. The number is then sometimes passed on to outside firms via a technical process. The representative also wrote that developers thought the issue was "solved now."

A post that went up Sunday on the app's Facebook page said "apparently Facebook's 'automated systems' disabled Phrases, without talking with us about any problems that we could address." App representatives did not respond to further request for comment.

-- Geoffrey A. Fowler and Emily Steel

[1] http://online.wsj.com/article/SB10001424052702304772804575558484075236968.html

[2] http://lolapps.blogspot.com/2010/10/were-back.html

[3] http://developers.facebook.com/blog/post/418

[4] http://blogs.wsj.com/digits/2010/10/18/referers-how-facebook-apps-leak-user-ids/