I'm considering developing an app that asks users to invite friends to participate at first launch, using the Request dialog. (The Request dialog would have a prominent Skip button, in agreement with Facebook policy IV.4.)
Browsing this forum, it appears that there USED to be a "Developer Policy V.4" which, at one time, said this: "You must not prompt users to send invitations, requests, generate notifications, or use other Facebook communication channels immediately after a user allows access or returns to your application."
I no longer see language like that in the policies available here: http://developers.facebook.com/policy/
Does this mean that prompting users to send invitations at first launch is now allowed? Or am I simply overlooking some language in the new policies that forbids this?
I believe this was removed intentionally, as it clearly isn't in their updated developer policies. The only mention of that old policy I can find is here. That post also gives a good reasoning for the old policy:
When a user -- whether returning or
new -- visits your application, you
must allow the user to engage with
your application before asking him/her
to publish a stream story, send out
Requests, or use any other
communication channel. The intention
behind this policy is to give users
the opportunity to meaningfully
interact with an application before
being faced with the decision of
whether to communicate with friends.
The advice is still valid even if the policy is no longer in place - that you should give the user a chance to use and learn about your application before being prompted to share it. However, if you are building a game like Words With Friends where you need to play against one of your Facebook friends, then I think it would be fine (almost necessary) to invite friends right away, and this may be why Facebook removed this from their policy.
I think you will be fine if you prompt a user to send friend invites immediately, provided its not for the purpose of spamming other people to get them to use your app and that you provide a skip option.
Also, its sad that its near impossible to get a response from Facebook like you have seen with their forums.
Related
My question is about Facebook permission over Application Shares.
I'm developing a App solution to my Customer, out of Facebook's Domain: Here's how it works:
The user access a Page where he can write a message to create a post with Image features;
He is requested to approve this post on his Facebook's Timeline;
When he finishes, the post can not be instantly posted. It will be saved among other users' messages;
When the time comes, an administrator, through a Control Panel, will check and select the best message to qualify;
Only the best message will be posted on the author's Timeline (User Timeline).
The question is:
I know that Facebook is not allowing Implicit Shares, but I don't know if posting only after an administrator input is considered implicit, because there won't be user approval on that moment. He already did it back there writing the message.
Is that possible, or I will have to make another request through Notification or something?
Thanks to the comments. Here's the answer to my own question:
The Answer is NO. Doing a post without user confirmation, even if he already did it some time ago is considered a Implicit Share, and it is no longer possible. There is another problem with the step I provided. You cannot ask for a user to publish something that won't be made instantly. If you ask to do this, it must be right on time. I think there is an exception for Pages, but that's not the point.
To comply with facebook's policy, the same functionality can be made with these steps:
The user access a Page where he can write a message to create a post with Image features;
At this moment The User is NOT asked to post this on Facebook. He is just asked to create it without mentioning Facebook itself;
When he finishes, the post will be saved among other users' messages;
When the time comes, an administrator, through a Control Panel, will check and select the best message to qualify and notify the selected user to access the link containing the message;
Here, finally, the user can see his message and is asked to post it into his timeline;
The applications must always do exactly what they tell the Users they are going to do, and you cannot ask something or request a permission for some functionality that you won't use at that moment.
Thank you!
My latest project has (had) a requirement for the user to invite their friends to their online service. I discovered that, apparently, as of April 2015 with the new v2.0+ Facebook Graph API, you cannot actually get a list of friends for the user, unless those friends are already subscribed members of your app.
The scenario:
My app is a web service that lets the user collaborate on research work in a private group online. The user needs to
look up their list of friends,
set permissions their friend will have in the group, and
send them an invitation both join the service, and the specific group. (using a unique, one-time use link tied to each recipient)
The user would (ideally) receive an invitation with a specific link for them to not just become a subscriber of said online app, but specifically to join the group they were invited to (i.e. not just a generic "hey, check out this app" type of invitation).
The expectation:
The user doesn't care whether their friend is already a member of "MyApp.com". They expect to simply look up their friends just like they do today from their phone when they connect it to Facebook (makes all contacts available, regardless of whether those friends connected their Facebook to their phone, respectively). Likewise, compare inviting members to your Google docs, for example: look up your contact, set permission, send invite - so easy. Users demand this UX simplicity today and do not distinguish or care whether they are dealing with email, Facebook, Twitter contacts, whatever.
The problem:
The entire point of a social network is to be, well, social. If the Graph API only lets my app access friends that are ALREADY users of my app, it completely defeats the entire purpose - it cuts my user off at the knees, kills UX, no more ability to actually contact their own friends. My understanding is Facebook made this change to prevent developers from spamming users, and I get that, I completely support that. HOWEVER, my company and my app are not the ones that are trying to invite friends for it's own purposes, it is the USER and THEIR OWN friends that THEY have the right to access and converse with for their purposes (or so you'd think). Beyond just friends list, even if I had that, I think there are additional hurdles and limitations with posting messages to friends, even private (not wall) messages, which again would be anti-social.
The Question:
Am I understanding Facebook limitations properly, and if so, what is the work-around? I'd be ok with such an API being locked down until you pass a review that proves you aren't spamming users, but I did not see such an option.
Facebook supposedly prioritizes users over developers, and these changes were made because if the user is not comfortable with privacy (don't spam my friends), then they wont be users any longer, and that obviously affects developers and Facebook. OK, but did they not realize that by locking it down this extreme just killed UX for the user in legitimate scenarios? And to my original point, not just a little, but paramount - the result quite literally is that on April 30, 2015, Facebook became anti-social. Surely this is not inline with their mission. Surely there is a better approach.
If your app is not a game (which I assume), the only viable option would be the Message Dialog as desribed at
https://developers.facebook.com/docs/apps/faq#friend_invite
If your app is not a game and has a mobile or web presence:
You can also use the Message Dialog on iOS and Android, or the Send Dialog on Web. These products let a person send a message directly to their friends containing a link to your app. This type of message is a great channel for communicating with a smaller number of people in a direct way. The Message Dialog and the Send Dialog both include a typeahead which lets the person easily select a number of friends to receive the invite.
You might also find App Invites useful but I beleive it's only for iOS and Android apps and might not exactly fit your use case:
https://developers.facebook.com/docs/app-invites
App Invites are a content-rich, personal way for people to invite
their Facebook friends to a mobile app.
We are in the process of creating a new authentication system for all of our company web apps. We are considering allowing users to login via Facebook, Google, Live, etc.
What are your thoughts on safety, privacy and security of allowing Facebook access to our users? People are telling us horror stories of Facebook tracking them even when not logged in to Facebook. Has the world chosen to accept ease of login over privacy protections? Are these fears all myths?
Safety depends very much on the code as you implement it. I prefer to avoid logging in people with Twitter, because it is very easy to create a fake account on Twitter. For now, I am with Facebook and Google, and I've noticed nothing particularly "dangerous" in terms of security.
The odd phenomenon (at least as far as my experience goes) is that, when presented with two options, i.e., the possibility to sign up with a "stardard form" that requires a verification email (long procedure) and the possibility to click a button and login with Google, Yahoo, or Facebook (fast and easy), users prefer providing their information with the form, the good old way. It must be due to rumors about the privacy breach you mention.
I don't think I can dismiss or confirm such myths. The sure thing is that the Google+ button (the +1 button to be more specific), says hi if you visit any site that has it while you're logged in, and greets you by name. Google analytics suggests you change your privacy statement if you decide to track the interests and hobbies of visitors. Facebook has insights too. I don't think that these are all myths.
Privacy also depends on what you do with the data you can collect with Google/Facebook/Live login. I have made it a point not to share, sell, use any of the information gathered - not even emails, not even for newsletters (I don't send newsletters). I do understand that this may be pure idealism, and that it doesn't bring you that far if you have to run a business (not sure!), but so far it's working fine, at least for me, and for my users.
I am developing a web App for users who want to post the exact same thing on a given time on their own Facebook wall to make a message viral. Of course, considering they granted my app the permission to do so and signed up specifically for that matter. Also, the frequency of such a blast message would be rare, no more than once or twice a week.
I would like to know if anyone has any experience in doing this and what the limitations are since I can't find them on Facebook's developer support.
This type of behavior is discouraged by the Facebook ToS. Further, in order to publish to a user's feed you need to have a current access token for that user. If they are currently connected and using your app, you have access to those tokens and publishing should be possible but very well might get your app banned for ToS violation.
According to the Facebook Platform Policies:
You must not pre-fill the user_message
parameter or content sent via an
extended permission (such as a status
update or note), unless the user
generated the content earlier in the
workflow.
Does that mean that I can't publish stories to the stream automatically, even if the user agreed to?
I've seen apps (such as PlayStation Network, Foto Diaria) that publish stories automatically.
PlayStation Network publishes stories about actions you did in PS3 games and Foto Diaria publishes a picture from your wall every day. In both cases the attachment is created by the application, and the user message is empty. Could that mean that publishing stories with an empty user message (empty, not absent) is not considered pre-filling?
EDIT: I need to know what is allowed or not by the Facebook Platform Policies, not how to post stories.
If you ask the user for the publish_stream extended permission then you'll be able to post automatically whilst the user is interacting with the application. You can pre-fill the user message only if it's something that the user has entered earlier in the process e.g. if you've asked them to comment on a piece of content and then publish a story about the comment. If in doubt, leave it blank.
If you want to publish automatically even when the user isn't online then you'll also need them to grant the application the offline_access extended permission. In this case you'll also need to store the session key that Facebook gives you for that user.
https://developers.facebook.com/docs/guides/policy/examples_and_explanations/stream_stories/
Check this out. The Platform policies section of the FB Dev site has some additional documents to allow you gain a better understanding of the guidelines for sharing.
Please also read the section about User Feedback.
https://developers.facebook.com/docs/guides/policy/examples_and_explanations/user_feedback/
Hope this helps.
We can ask user to grain of offline_access permission, which is access to user profile at anytime, even if user is not online. But this permission will no longer available.
I agree that this permission is so harmful to user.
But it still useful if owner app want to post to their own account during user use their app. If you want to post to your self account, you can manually grain offline_access to your app, and select access_token and keep it in your own app, and use it when you need to post your account. It make sense that Facebook should allow developer to do this task.
it is simply forbidden but, there is a catch about it, if is text prepared by user previously, you can post that text later and I think you are able to add your own text to that. But not so sure..
I'm saying this based on McDonald's Canada's yourquestions app, you can ask questions to them, whenever its answered they posting to your wall.
But to clarify that, as a PMD I'll ask to FB personally and let you know what is the answer is.