Blog

How a Facebook Application can Find Personal Information

How a Facebook Application can Find Personal Information

Facebook have recently announce that they have changed the way in which applications are authorized.. In the past any Facebook application had full access to all of a user’s personal information (whether or not that user was aware of the fact).

Now each new application must explicitly ask for this access. It is, therefore, worth every Facebook application developer and every Facebook application user to ask what each application does in order to find personal information.

Using Facebook to Find Personal Information: Asking for Access

The Facebook application user must now explicitly ask for any information that is not publicly accessible. For example, they must ask the user for permission to access their: birthday; email address; likes; location. And they ask for permission by using the Facebook login button:

«fb:login-button»«/fb:login-button»

To which they add the explicit permission request:

«fb:login-button perms=”email,user_birthday”»«/fb:login-button»

Once the user has permitted access (as shown in figures 1 and 2 at the bottom of this article) then the developer can make use of the user’s extended details.

Using Facebook to Find Personal Information: Obtaining the Details

If the Facebook application developer is using PHP then they can obtain an array in which they will find personal information that the user has stored about themselves. This information can then be used within the application, for example:

«?php

$me = $facebook->api(‘/me’);

echo “Your email is ” . $me[’email’]

The full list of permissions is available from the Facebook developers’ web site.

Using Facebook to Find Personal Information: Obtaining Friends’ Details

A user’s friends’ details can be obtained in a similar fashion, but the list of permission is not as extensive so, for example, the application can collect: relationships; religion and politics. It may not collect the user’s friends’: email addresses; list of friends. Therefore, a request might look like:

«fb:login-button perms=”email,user_birthday,friends_about_me,friends_birthday”»«/fb:login-button»

The developer then has access to all of the user’s friend’s information, as can be shown by:

$friends = $facebook->api(array(‘method’ =» ‘friends.get’,’uid’ =» $uid));

foreach ($friends as $friend_id) {

$friend = $facebook->api(‘/’ . $friend_id);

echo “«pre»”;

print_r ($friend);

echo “«/pre»”;

}

Again the full list of permissions is available from the Facebook developers’ web site.

One final point for both the developer and the user to bear in mind is that this request for information only applies to new applications added to users’ profiles after June 30th 2010, and even with this in place, much of a user’s personal information is still accessible without their knowledge.

It is still dependent on the applications that their friends are using. It also assumes that every Facebook developer will use the data obtained in a professional manner.

Close