Tuesday, May 17, 2011
Facebook's Own (Smaller) "OAuthpocalypse": Devs Have 48 Hours To Secure Apps
For a group of developers on Facebook's platform, the clock is ticking. Last night and into today, Facebook has been sending out notices to developers it believes have apps in violation of its policy against sending authentication data to third parties. Those developers have 48 hours to fix their apps or they risk being "subject to one of the enforcement actions" (read: being booted).

You may recall that all of this initially came up last week when Symantec wrote a blog post entitled "Facebook Applications Accidentally Leaking Access to Third Parties." That post detailed how the company found close to 100,000 apps that were inadvertently leaking auth tokens due to the use of iframes for app authentication. As a result, Facebook responded with a blog post of its own noting that by September 1 of this year all apps must migrate to OAuth 2.0, ensuring encrypted access tokens.