Last Updated: 12th September, 2019
Facebook has made the announcement an extension of its Bug Bounty Program to include the Instagram ecosystem, covering third-party applications that abuse user data.
First launched in 2018 in response to the Cambridge Analytica Scandal, the Data Abuse Bounty program works by “incentivizing everyone to report user data collection applications and expose to malicious parties for exploitation.”
If an application is found to be breaking Facebook policy in this way, it could be kicked off the platform or become the subject of legal action. Facebook may also decide to conduct a forensic audit of related systems.
In the 2016 presidential election, Cambridge Analytica egregiously used data from tens of millions of Facebook users and their buddies scrapped by the third party ‘This Is Your Digital Life‘ app to influence United States voters.
Since that debacle, the social network was forced to kick hundreds more third-party apps from its platform for similar abuses, including one called myPersonality which was used by four million users.
The addition of Instagram to the Bug Bounty Program reflects the importance of the platform to Facebook’s business and growing concerns over developer access to user data.
In February, it was reported that data on 14.5 million Instagram accounts was being stored online in the UK with no password protection. It was suspected that a third party could be scraping accounts for publicly accessible data, for use later in marketing campaigns.
A year back, Instagram unexpectedly dropped the API limit for third-party applications from 5000 to 200 calls per hour and stopped allowing new submissions as an effort to enhance user privacy.
Facebook set out its vision for a radical overhaul of the company in July following a record $5BN penalty issued by the FTC in response to the failings that led to the Cambridge Analytica incident.