Facebook apologises as security sweep leaves developers and app users in the dark

A number of Facebook apps and developer accounts were temporarily disabled last week when the company made a wide sweep for malicious spam apps.

In a memo to developers, Facebook software engineer Eugene Zarakhovsky explained the outage, saying that the company was simply following procedures.

"The Facebook Platform and our users are constantly under attack from malicious apps and we have many automated systems to protect the platform and our users," he said.

In the event of an attack, engineers identify a malicious pattern, find all apps that match that pattern, and disable them. The engineering team did just that. "We started with a broad pattern that correctly matched many thousands of malicious apps but, unfortunately, also matched many of your high-quality apps," Zarakhovsky said.

The team immediately stopped the process and worked to restore access to those applications, but the procedure was slowed by bugs, leaving a number of perfectly acceptable apps, and their developers, in the dark.

"Thanks for the honesty, but can you please provide a way for developers to communicate with you when this does occur?" Ni Bu, co-founder of RidePost, wrote in response to Facebook's explanation. "When something like this happens that can potentially cripple an application (which it did for us) there needs to be a channel to quickly get your attention and get some clarity."

In an effort to prevent a similar situation in the future, Facebook is planning some improvements, including better tools to detect overly broad patterns and a better process to verify that all apps matched are indeed malicious. Additionally, the company will address the bugs and bottlenecks that slowed recovery.

The company did not address developer communication concerns.

"We understand that incidents like these are disruptive to your businesses, and we sincerely apologize for the inconvenience," Zarakhovsky said. "Our team is invested in learning from these incidents and making sure Facebook Platform stability continues to improve."