This article was published on October 29, 2009

Facebook will give application developers access to your email addresses. Does that worry you?


Facebook will give application developers access to your email addresses. Does that worry you?

facebookplatformFacebook has just announced at their Facebook’s Developer Garage that developers on their platform will be given access to their users email addresses.

The goal is to create a more ‘open’ Facebook and let developers feel their users/customers are actually their own, rather than just Facebook’s.

For developers, this will mean App-to-user notifications will eventually be disabled and developers will have to contact users via email to update them about application updates. For your average Facebook user, the consequences of such a move are significant.

Whenever a user ‘installs’ an application, the developer requests the users email address (similar to the various other requests you find when installing an application) and if accepted, the developer is handed their email address, along with first name and last name. This WILL be optional however there will no method of contact for the application developer should the request no be accepted. Therefore for full application functionality, developers will be able to store all these details for use for that specific application but potentially for alternative use as well.

If we consider for a moment the number of Facebook users who use applications (figures being researched but we can assume it’s huge), it’s a daunting prospect to consider that email accounts will be freely passed along to their developers who are then able to contact their users directly with no Facebook intersect.

The <3 of EU tech

The latest rumblings from the EU tech scene, a story from our wise ol' founder Boris, and some questionable AI art. It's free, every week, in your inbox. Sign up now!

When Ethan Beard, Lead of Platform at Facebook, was asked if users would be able to select whether or not to be contacted directly (by sharing email address with the developer) or via Facebook, Beard’s response after a moment’s silence was something along the lines of “that’s like asking someone to call you but not giving them your phone number”. Sadly, not quite, Facebook has (relatively well) acted as a solid intersect between applications and users inboxes. By removing an application, you could be comfortable in the knowledge that the application’s developer would not be able to contact you.

Now, that changes, and without an intersect, a developer’s users (no matter how silly an application may be) have an authenticated, up to date email address, first name and last name. All it takes for one mildly successful application from a seedy developer, and names, email addresses and potentially other private profile information is theirs to abuse.

On a very contrasting note, it might be fair to say that similar to the many web services we sign up with every day, we hand over our name and password, quite often birth date as well. Why shouldn’t Facebook applications be considered on equal footing and therefore have access to the same information when users sign up. I would argue that when most of us sign up with various other online services we’ll often decide to give a fake name, scrap email address and almost consistently the same fake birth date too. With Facebook, we’re handing over our real name, real email address and for most Facebook users their real birth date too. The moment you change your email address, application developers have the up to date new one. The only way round this is to give Facebook, a fake name, your scrap email address and yep, the made up birth date too.

If that happens, then it threatens one of Facebook’s greatest strengths, being an up to date, generally truthful telephone book of the people you care about.

Get the TNW newsletter

Get the most important tech news in your inbox each week.

Also tagged with