Facebook Developer Privacy Compliance - incident response system - facebook

For a few months straight I've been trying to pass the "Developer Privacy Compliance" check on my app.
My final step is about this request:
Test your incident response systems and processes at least every 12
months.
Provide recent incident response test outcome summary. Scope should include both systems and processes
I've tried to get more details or even examples/exact tools I need to use and received this answer:
Foundationally, your organization should have tools in place for
detecting incidents (e.g., anomalous logins or data egress), tools for
managing incidents (prioritizing, escalating, tracking resolution),
and related policies (e.g., whom to notify)
Still confused. Has anyone here passed the full "Developer Privacy Compliance" in the past and proved this step somehow?
Please, share your experience or point me to some examples of tools or services I can use to implement "incident response system" suitable for Facebook in this case.
Thanks!

Related

Stuck in Facebook's Access Verification hell for Tech Provider Business

We use the Facebook API in our web app to provide a "publish to Facebook group" feature directly from the web app. Customers can publish the results they are achieving thanks to our products in our group.
To implement this very simple feature we had to duck, provide screen recordings, send business registration papers, give login credentials, describe the process from every perspective, crawl and bend.
Then on Dec 15, we received the following message:
"We’re now requiring an admin of your business, [....], to complete access verification. This is a new process that asks for information about how you use the Meta business assets and information of your clients, so we can verify that your business is a Tech Provider."
Also in the same message:
"This typically takes around 10 minutes to complete and you’ll only need to do this once."
Since then I have filled in the form 9 times, with serious effort. But every 5 days it just gets rejected without a clear reason given, and there is no chance to contact Facebook support.
Does anyone know how to fill in the "Access Verification - prove you are a Tech Provider form", so I will get accepted?
The actual questions that they keep asking are:
Add details about how your business will use Platform Data (i.e., any info or data you obtain from us) to enable a product or service on behalf of your clients.
Describe how your clients use your product or service.
I already tried the solution proposed here:
Stuck in Facebooks Access Verification hell
quoting their questions, but it has been in vain...
The time is running out, in some days Facebook is going to block the API if we don't pass this verification process, but I don't know what else we can try...
I tried to contact Facebook, but this seems to be impossible. Some forms (App Review Support) just give a generic error message.
I tried to post a request for help to the Facebook Developer Group, but they rejected the request because it's not related to a development issue.
Same when I tried to open a ticket with the Facebook tech support for a bug; they answered that it's not a technical issue.
There is no guide from Facebook on how they want this information to be provided.

Facebook deactivation Platform Terms 7.e.i.1

I have got this from Meta:
Your app xxx(AppId: xxx) doesn't follow our policies. Since we're
striving to improve the Platform experience, your app has been
deactivated.
Your app is violating Platform Policies:
Platform Terms 7.e.i.1
You have not timely responded to our requests related to monitoring or
auditing;
Rest is policies and appeal related information.
What is it that they want? I am so confused here.
I did receive an email about data protection evaluation but the date that was provided to me to submit all information was 06/03/2022. And 1 day after receiving the email the app was deactivated. Any ideas? Thanks!

Facebook Data Security Policy

Recently I've received this email from Facebook about one of my apps after Data Security Checkup:
In working to create a great Platform experience for everyone, we ask developers to ensure the apps they build comply with our Platform Terms and Developer Policies. Your app APPNAME (AppId: **************) doesn't comply with the following:
Platform Terms 6.a.i.1: You must always have in effect and maintain administrative, physical, and technical safeguards that do the following: Meet or exceed industry standards given the sensitivity of the Platform Data
Please make the requested changes by 2021-11-23 at 12:00 PST.
Platform Terms 6.a.i.1 leads to the Developer Data Security Best Practices page and looks like an industry standard.
My app uses Facebook Login with only read permissions for public data, like Instagram posts and comments. No publishing or management at all.
What exactly is Facebook expecting me, as a single developer, to update in my app? I have a VPS on DigitalOcean with server management via ServerPilot with all the latest security updates etc. My host is protected with the Cloudflare Business Plan. I've provided all this info already but keep receiving bot/automated messages like this and have no idea what to do next. Please help?!

How does Facebook detect my location so precisely based only on IP address?

I have two-step authentication on Facebook. I just tried to log in from my home PC but didn't enter the second-step code.
I got a notification that somebody (me) was trying to log in to my account, and the location was so precise (within 2 meters).
I wondered how Facebook detects location so precisely based only on IP?
Today geolocation is in the core business of marketing companies; there's a very developed market of customer data, so tons of mobile apps and services collect data such as usual IP addresses, personal information, interests, locations.
That information gets resold to data brokers, aggregated, corrected. And then Facebook or others can buy that data, merge it, implement corrections and so on, and get tables for matching IPs and locations that are not public, it seems.
However they offer a high level API to perform market targeting which seems to use that data:
https://developers.facebook.com/docs/marketing-api/buying-api/targeting#location
In your case it was precise because they may have a good dataset based on your privacy settings experience, not only with Facebook but with other geo-located apps. In my case their guess is wrong by hundreds of km, because I was behind a corporate proxy.

Applying for Facebook audience network is rejected

I applied for Facebook Audience Network lots of times but I was rejected every time. Can anybody help me with this developer Audience Network? What are the requirements? Is there any reason my application got rejected?
This is a story of why I cannot recommend wasting your time with Audience Network.
As an indie developer I decided to try Facebook Audience Network to show ads in my mobile application. After I spent hours doing all the integration work and filled out all the required registration info, my application was successfully approved to the network.
But it was still blocked from showing ads because of a bug - I was not able to add bank info to the Payouts in Monetization Manager because it treated my SWIFT number as an invalid one. So I made a support ticket and attached a screenshot with the error. In response I got the following answer:
Thank you for applying for Audience Network. At this time we are
unable to accept your application. We thank you for your patience
while we determine the ideal process for bringing new publishers on to
the network.
I was shocked by such a response, as my application was still approved, so the reply was totally irrelevant to the problem. There were no explanations on the topic and the ticket was closed without a chance to appeal, so I created a new ticket where I asked about the reasoning for such a response. To my surprise I received exactly the same answer as the previous one.
After sending a few additional emails to support I received an update which does not give any additional information and only confirms Facebook's ignorance towards developers:
Thank you for reaching back to us. We currently do not have any
further information to offer. We seek your kind understanding on this
matter.
I’ve spent more time trying to get an answer and after a week of waiting I've got another useless answer:
I would like to let you know that your case has been reviewed by our
Internal team in detail earlier and under these circumstances, the
team has decided to maintain the original decision. The application
has been disapproved and unfortunately we cannot provide any further
insight on this issue.
I never break any rules and even spent money to promote my app with Facebook ads previously, but Facebook showed that they don’t care about your problems and don’t respect developers or their time.
As a conclusion, I suggest that everyone avoid my mistake and not spend their time just to get such crap from Facebook.
UPDATE:
After half a year they did some updates in Audience Network and now it displays a message that they do not work with my country yet (Ukraine). It is still ridiculous that support was not able to provide this information after numerous requests.