But the company refused to identify any of
the apps or developers, and the subpoena
would have remained confidential under
Massachusetts law had Facebook not insisted on
keeping it and related exhibits secret.
Massachusetts Attorney General Maura Healey’s
consumer protection division had sought data
on apps from prior to 2014, when Facebook
announced changes to the platform to restrict
access to user data.
Facebook tried to redact the subpoena in
negotiations before ruling by state Judge Brian
A. Davis. But Healey’s office fought to limit the
redacted sections.
Facebook did disclose that it had identified more
than 10,000 apps that “show characteristics
associated with higher risks of data misuse” but
did not identify any of them.
The state attorney general noted that Facebook
had allowed developers to integrate at least 9
million apps into the platform as of 2014 and
had, for many years, allowed developers to
access user data, including photos, work history,
birthdates and “likes.” This applied not just from
people who installed the apps but also to their
Facebook friends who did not.
The unsealed subpoena also says that Facebook
informed the Massachusetts attorney general’s
office that it had identified about 2 million apps
“as warranting a closer examination for potential
misuses of Facebook user data.”
That suggests that, five years ago, more than
one in four apps may have been accessing
Facebook users’ data without their knowledge
or consent.