Facebook Data Security Policy - facebook

Recently I've received this email from Facebook about one of my apps after Data Security Checkup:
In working to create a great Platform experience for everyone, we ask developers to ensure the apps they build comply with our Platform Terms and Developer Policies. Your app APPNAME (AppId: **************) doesn't comply with the following:
Platform Terms 6.a.i.1: You must always have in effect and maintain administrative, physical, and technical safeguards that do the following: Meet or exceed industry standards given the sensitivity of the Platform Data
Please make the requested changes by 2021-11-23 at 12:00 PST.
Platform Terms 6.a.i.1 leads to the Developer Data Security Best Practices page and looks like an industry standard.
My app uses Facebook Login with only read permissions for public data, like Instagram posts and comments. No publishing or management at all.
What exactly is Facebook expecting me, as a single developer, to update in my app? I have a VPS on Digital Ocean with server management via Serverpilot, with all the latest security updates etc. My host is protected with the CloudFlare Business Plan. I've provided all this info already but I'm receiving bot/automated messages like this and have no idea what to do next. Please help?!

Related

Facebook deactivation Platform Terms 7.e.i.1

I have got this from Meta:
Your app xxx(AppId: xxx) doesn't follow our policies. Since we're
striving to improve the Platform experience, your app has been
deactivated.
Your app is violating Platform Policies:
Platform Terms 7.e.i.1
You have not timely responded to our requests related to monitoring or
auditing;
Rest is policies and appeal related information.
What is it that they want? I am so confused here.
I did receive an email about a data protection evaluation, but the date that was provided to me to submit all the information was 06/03/2022. And 1 day after receiving the email the app was deactivated. Any ideas? Thanks!

Business verification required as part of my app review

I was asked by Facebook to submit my app for an app review to get further access to some fields in their Graph API. I have done so and today I got a message from them:
The permissions and features review for (my app name) is complete.
Next, we'll verify your business. To do this, you may need to provide
documentation like a business license or utility bill.
The problem is that I have no company and therefore no documents to prove that I have one. I have created and launched this app as an individual and I just want access to a few fields from their Graph API.
What should I do, please? I wanted to write to them directly, but I haven't found any way to contact them.
New limitations
This is Facebook's new policy. It looks like access to, for example, user_friends will now be limited to companies which can afford to implement advanced security systems.
Their requirements seem to be similar to the new European regulation - GDPR. These breaking changes are most likely caused by the recent lawsuit related to Facebook & Cambridge Analytica and Mark Zuckerberg's promises during his testimony in Congress.
Facebook now requires you to verify your business for some permissions:
If you don't pass app or business review, you will lose access to these APIs after August 1, 2018.
Influence on mobile applications
It's really bad news for small applications; most likely it will kill Facebook integration.
They don't even provide any form to contact them and discuss it; when you click on "support" you are forwarded to the support page for Facebook Analytics.
If you have a small company and are creating apps for fun, their terms are very demanding and could cause huge problems for your business in the future. Therefore you should decide whether it's worth the risk in exchange for displaying friends.
Interesting things about their requirements
When you start the business verification process, it asks about company details; if you provide these, you will be asked to sign a contract with Facebook. I encourage you to read their terms carefully, because they ask you to:
provide them from time to time upon a written request access to your books, records, agreements, services, facilities etc. which relate to user data in order to audit your security mechanisms and procedures,
cover review costs and expenses if they detect any noncompliance with their terms or security requirements.
Good luck to small apps...
References
Facebook Login Changelog - here you can check which permission requires app review, business verification and contract,
contract with Facebook is not published, you will receive it when you start a business verification,
short overview of Mark Zuckerberg's promises,
post on my blog with this answer,
from Facebook Login Changelog:
In order to help protect people's data, we're now requiring that an increased number of permissions go through the App Review process. For certain permissions, we are also requiring business verification and a contract between your business and Facebook. Businesses can be verified by providing forms of documentation including utility bills, business licenses, certificates of formation, articles of incorporation, tax ID numbers, and others. The contract introduces additional security requirements and other provisions around data.
August 6, 2019 - Update
Finally, the time has come. Permissions were supposed to stop working on August 1, 2018, but actually Facebook has given one extra year. Yesterday I received this e-mail:
As of September 4, 2019, MY_APP_NAME will no longer have access to the
following permissions or features:
user_friends

Enterprise Developer account or Standard Developer account?

We're developing an iPad application for a client, who wishes to distribute the application to only those customers who have purchased the license from him for 'x' number of users. For example, a university may buy the license from him for, say, 50 users/devices, or another company may buy the license from him for 100 users/devices. What would be the best way to distribute such an app? After doing some research I've come across 2 ways for this, but each with its own hiccups.
1) Distribute it through the App Store with a standard developer license and authenticate the users of the app. Only if the users are authenticated by the server would they be able to access and use the application. This allows my client to restrict the users to only those who have obtained licenses from him.
But I have heard that Apple would reject such apps that provide only exclusive access to some users and not to all.
2) The other option is the Enterprise Developer account, where he would host the apps on his site and only the clients who have obtained licenses can download it. However, I believe that enterprise applications can only be developed for in-house employees, i.e. if he has the enterprise account, the app can only be used by his employees, as it would work only for the devices authenticated with the unique DUNS number.
Does anyone have any workarounds for this? Any help would be much appreciated. Thanks.
The client I have just developed an app for has the requirement for users to login to their service before they can use the app. They place the app in the store with a clear indication a login is required. The app is free to download so no one gets caught paying for something they can't use.
We have just submitted the latest app to the store and are waiting for approval*. When submitting we included a full login for the reviewers to test the app with. This was in the review notes and remains confidential. They have an existing app already approved which works the same way.
As part of the app we also included a demo mode with static content bundled with the app which allowed access to all the functionality but only for that very limited set of data.
The client has the Enterprise programme, which allowed us to beta test the app with designated users, but that was with the usual 100 device limit (with devices able to be removed at renewal time only). Both the individual developer and the company program are allowed the same number of devices, but you want to be able to join the client's team as a developer, so they should go for the Company program. The client will need to be the Agent for the submission, and that is fixed as the first account they sign up with. We're trying to change the agent for our company now and it's not something you can do online; you have to send Apple a request. They should then add you as a developer for their program. You can be a member or an admin, but only they, as the Agent, will get to sign the app for distribution.
I sure hope you aren't correct about rejection because of the login service or I'm going to have a very disappointed client on my hands.
*EDIT: Our application was approved by Apple at the first attempt so there was no problem with this approach.

What is Google Apps?

What is Google Apps and why are so many startup companies using it?
Google Apps is a collection of business software components delivered as a service, saving you from having to install Exchange, Office and the usual business stuff. Plus Google Apps allows people to write their own apps and install them on Google's servers. A lot of companies use Google Apps for email and calendaring instead of Exchange these days. It saves costs.
One useful feature of Google Apps is that it allows you to use the Gmail interface to host email on Google's servers for your own domain. So you can send/receive email with an @example.com address (if your startup was called example.com).
Unlike many apps, the Google Business Apps are intuitive. Calendars, email, file sharing, contacts, and more are simple to use and will work on virtually any internet-connected device.
Basic benefits of Google Apps are:
1. It is Cost Efficient - For only $5 a month, you will receive email addresses for your team with your company's name, 30 GB storage you can use for file storage and sharing, online calendars, and the ability to easily create online spreadsheets, slides, text documents, and more. All these great features including admin controls and security from a name you can trust. If you prepay for a year you will actually save $10.
2. Security - The company is FISMA-Moderate level certified -- this is the same level of certification for the internal email usage within the United States government. Google is also capable of supporting HIPAA compliance. Google is trusted by millions to virtually secure their email from any threats through routinely checking emails before downloading a document for any threats of viruses, phishing emails, malware and more.
3. User-friendly and intuitive interface.
Google Apps are...
“A set of intelligent apps including Gmail, Docs, Drive, and Calendar to connect the people in your company, no matter where in the world they are.”
Source: https://gsuite.google.com/together/
Examples: Google Calendar, Google Drive, Google Hangouts, Google Slides, Google Spreadsheets - those are all web-based applications ("apps").
G Suite is the name given by Google for their collection of applications. Formerly named “Google Apps for Work” and “Google Apps for Your Domain”, G Suite is a resource implemented by I.T. Administrators to enable access to Google Apps through a domain (and its aliases).
For example: rather than using your standard Gmail address (username@gmail.com), users in a business or organization would log in to access those web apps using an email address with their own domain, like (username@example.com).
The interface is the same as for standard Google Account holders, yet G Suite admins have the ability to add some branding, and control features - through the G Suite Admin Console.
I'm going to stop here before this post starts to resemble a pitch - let's just say that I really enjoy the fact that my workplace has implemented G Suite for our organization - it has made my duties, that much easier!