Facebook is treating data-abusing third-party apps as seriously as it does security flaws.
The social network will expand its bug bounty program, typically reserved for security vulnerabilities that allow hackers to attack Facebook, to include apps that misuse data.
This week’s announcement comes in the wake of Facebook’s data privacy scandal, after an app called “thisisyourdigitallife” took data of more than 50 million users and improperly shared it with data analytics firm Cambridge Analytica.
“Facebook’s bug bounty program will expand so that people can also report to us if they find misuses of data by app developers,” Ime Archibong, Facebook’s vice president of product partnerships, said in a blog post. “We are beginning work on this and will have more details as we finalize the program updates in the coming weeks.”
All of this comes after Facebook CEO Mark Zuckerberg promised to audit all apps it suspects of suspicious behavior and to limit how much information app developers can access.
“Facebook is the first major company that is asking for researchers to identify data privacy issues,” said Ilia Kolochenko, CEO of security company High-Tech Bridge.
Facebook didn’t respond to a request for comment.
Security experts say Facebook’s decision will allow more people, including people not as technically skilled as researchers, to join the bug bounty program.
“By expanding their bounty program to include data misuse by app developers, Facebook may have found a way to mobilize their community to self-police,” said Craig Young, a security researcher for Tripwire’s Vulnerability and Exposure Research Team.
Blockchain Decoded: CNET looks at the tech powering bitcoin — and soon, too, a myriad of services that will change your life.
iHate: CNET looks at how intolerance is taking over the internet.