Facebook slammed for deceptive app verification scheme
Hauled up for selling empty verification badge
Facebook took money from software developers for an empty application verification program that offered no special checks above those carried out for all applications, the US Federal Trade Commission (FTC) has alleged.
In a 19-page complaint that also batters the company for being less than clear with its users over privacy more generally, the FTC lays out the embarrassing failings of the company’s Verified Apps Program that ran between May and December 2009.
For a fee of $375 (£240, $175 for a student or non-profit), developers could submit apps within the Facebook platform to the company in return for a Verified check mark that visually boosted its rating for consumers.
Related Articles on Techworld
“Application Verification […] is designed to offer extra assurances to help users identify applications they can trust - applications that are secure, respectful and transparent, and have demonstrated commitment to compliance with Platform policies,” as Facebook described the Program on its website.
Applications were supposedly checked for their compliance with Facebook’s privacy and transparency policies.
However, the FTC now alleges that Facebook in fact took no special steps to assess the applications beyond those it would have carried out for any application, rendering the scheme deceptive. A total of 254 were awarded the Verified badge.
In the FTC’s view “Facebook took no steps to verify either the security of a Verified Application’s website or the security the Application provided for the user information it collected, beyond such steps as it may have taken regarding any other Platform Application.”
It is not known how much Facebook profited from the meaningless Verified scheme but its total earnings could have been as high as $95,250, depending on how many applications were submitted at the higher and lower rates offered.
Facebook agreed to a settlement with the FTC last week over the wider failings its security and privacy policies and will have to submit to regular privacy inspections for 20 years.