APPLICATION SECURITY
Knowledge Base
Search Our Knowledge Base
Facebook Security Guide: Application Security Issues, Settings, Tips
Facebook Security: Learn About Potential Issues and Breaches, Get Tips for Improving Facebook Security
With over 2.7 billion monthly active users, Facebook remains the most popular social network site. That popularity makes it even more important for developers and users to use the best security practices on Facebook. To understand secure practices, users need to know about the current threats they may face, but they cannot be the only ones responsible for security. Application developers also need to stay educated on what they can do to protect their users. Informed users and developers must work together to ensure that both can use Facebook securely.
Facebook Security Tips for Users
By taking a few relatively simple steps, users can significantly reduce the risk of Facebook security threats. Note: Facebook changes processes and features frequently, so always reference their security features and tips for the latest information.
When Facebook users sign into other apps and websites using their Facebook account, Facebook grants those things access to various personal data on the user’s Facebook profile. Those applications and websites can continue to use this information until the user revokes that permission. Users can protect themselves by periodically reviewing the “Apps and Websites” section (available from either “Settings” or “Privacy Shortcuts” in the “Settings & Privacy” menu on Facebook), and deleting apps and websites they don’t regularly use.
Next, users can click on “Ads” and then “Ad Settings” to control what information advertisers can use to target them. Users who wish to guard their personal data can make sure that advertisers can see as little of their data as possible using these settings. This section controls advertisers’ access to data on both Facebook and Instagram, so users should be aware that they must adjust settings for both applications. Personal information like a user’s phone number or address is especially important to keep out of the hands of advertisers, and users may want to consider whether it is necessary to keep that information on their Facebook page at all.
Users are often surprised to see the personal data that other Facebook users who are not their friends can see. , Users can control this by going back to "Settings" and then clicking on “Privacy”. This section allows users to adjust what information others can see, how others can find them, who can send them private messages, and other settings affecting interactions with people they may not know. For contact information like email addresses and phone numbers, users may wish to limit even their Facebook friends’ ability to view that data or remove it from their profile entirely.
Development Mode for Facebook Application Developers
Developers of applications that interact with Facebook share responsibility for making sure that users’ personal data is protected. Through the Facebook Developers app, developers can access a number of resources purpose-built for security best practices. First, they should test their apps in Development Mode to see how their application functions in a real environment restricted to only a select set of users. Development Mode allows developers to see the real-world use of their application before publishing it for the world to use, as apps in Development Mode are only usable by users with a role on the app or a role in the business that claimed it
In Development Mode, developers should assign the “Developer” and “Administrator” roles to trusted team members who will be working with them to create the app. They can also add users to the “Tester” role to allow them to use the app the same way a normal user would if it were generally acceptable and to give feedback on its functionality. Developers can designate up to 50 testers when the app is in Development Mode, although they should carefully consider how many testers are necessary before granting anyone those permissions.
When in Development Mode, apps are not searchable by public users through Facebook’s APIs or tools and they are hidden from the App Center. The data generated in Development Mode is only viewable by users who have a role in the app or business, which enables developers to catch issues with code quality and potential exploits earlier on.
Stay Updated on New Facebook App Threats
Developers and users need to remain educated on developing threats. Tools help developers share information on new threats with one another. Best development practices can also change, so staying on top of those general practices also helps developers ensure they will not have to go back and change the core of their code.
Users can increase their safety on Facebook by following security best practices. Do not write login information anywhere except for the actual login form, do not download anything from unknown or untrusted websites. Additionally, stay alert for promises that are too good to be true in messages, emails, or comments. To stay one step ahead of new tactics used by threat actors, users should pay attention to the latest news about the tactics that attackers are using on Facebook.
Bolstering the Security of Facebook Apps
Developers and users can work together to create a secure environment on Facebook. By limiting the data that outside parties can collect, users make their accounts more secure. At the same time, developers make Facebook more secure by following their own set of security best practices. Both parties must remain informed about current threats as they evolve. Stay on top of secure coding best practices by reading our guide to proactive controls.