Even as most Facebook users, regulators and privacy advocates are still trying to come to terms with the revelations about how Cambridge Analytica got access to massive amounts of private data from Facebook, a new report from The New York Times now claims that those leaks might have just been the tip of the iceberg.

The daily that originally exposed the Cambridge Analytica scandal, has now published a detailed report on how the social networking company “struck agreements allowing phone and other device makers access to vast amounts of its users’ personal information”. According to the report, Facebook had signed data-sharing deals with at least 60 device makers, including Apple, Amazon, Blackberry, Microsoft and Samsung.

The deals were said to have been signed before the official Facebook apps were widely available on smartphones, and “allowed Facebook to expand its reach and let device makers offer customers popular features of the social network, such as messaging, ‘like’ buttons and address books”. While many of these deals have since been discontinued, many others are still said to be functional.

“Some device partners can retrieve Facebook users’ relationship status, religion, political leaning and upcoming events, among other data. Tests by The Times showed that the partners requested and received data in the same way other third parties did … They can obtain data about a user’s Facebook friends, even those who have denied Facebook permission to share information with any third parties,” the New York Times reported.

facebook q1 2018 earnings call

According to the report, Michael LaForgia, a NYT reporter, used the Hub app on a BlackBerry Z10 to log into Facebook. Once connected, the app was reportedly able to access the private data of 556 of his Facebook friends, “including their relationship status, religious and political leanings and events they planned to attend”. The app was also reportedly able to access information – including unique identifiers – on close to a whopping 3 lakh friends of LaForgia’s friends.

Already under siege from the fallout of the Cambridge Analytica scandal, Facebook is defending its data-sharing agreements with device manufacturers, even though some believe that it is in direct violation with the company’s 2011 consent decree with the US Federal Trade Commission (FTC).

Ime Archibong, Facebook’s VP and director of strategic partnerships, seemingly brushed aside questions about the company’s data-sharing agreements with device manufacturers. In a blog post, he said, “These partnerships work very differently from the way in which app developers use our platform”.

According to him, “Contrary to claims by the New York Times, friends’ information, like photos, was only accessible on devices when people made a decision to share their information with those friends. We are not aware of any abuse by these companies”.

However, many privacy advocates are still far from convinced by that argument, and believe that such data-sharing pacts are in gross violation of user-privacy. According to Ashkan Soltani, a research and privacy consultant who formerly served as the F.T.C.’s chief technologist, “It’s like having door locks installed, only to find out that the locksmith also gave keys to all of his friends so they can come in and rifle through your stuff without having to ask you for permission”.

It will be interesting to see how the whole deal plays out going forward, but Facebook could have avoided something like this so soon after the Cambridge Analytica scandal.