Landmark California Lawsuit Reveals Facebook Swept App Audit Under the Rug

Zamaan Qureshi / Sep 20, 2022

Facebook/Meta continues to hide the patterns and practices that were at heart of the Cambridge Analytica scandal, says Zamaan Qureshi, a policy advisor and social media coordinator for the Real Facebook Oversight Board and a researcher for The Citizens.

In 2018, Facebook (now Meta) founder and CEO Mark Zuckerberg promised Congress and other regulators that Facebook would release the findings of its app audit, or App Developer Investigation (ADI), after government queries related to the Cambridge Analytica scandal. This past Thursday, September 15th, documents unsealed in the Northern District of California in a lawsuit against Facebook spurred by that scandal revealed the company pushed its findings under the rug.

The evidence disclosed in the Northern District revealed that the “This Is Your Digital Life” app, the survey-based tool designed by Aleksandr Kogan and Joseph Chancellor that was used to collect the data of millions of Facebook users for Cambridge Analytica, was just the tip of the iceberg. The unsealed documents show that additional apps, large and small– such as “App Bank,” “Sync.Me,” and “Zynga”– were allowed access to billions more data points than the Cambridge Analytica app.

Table from documents unsealed 15 September 2022 in the Northern District of California

“[I]t is highly likely that most everyone who used Facebook at the same time as just these few apps had their information exposed without a use case,” said the plaintiff’s lawyers in their brief in support of sanctions for Facebook’s lawyers at Gibson, Dunn, & Crutcher, a D.C. based law firm.

Here’s why this matters: in order to defend itself, Facebook singled out Aleksandr Kogan and the political nature of Cambridge Analytica’s work to discredit the app developers, obscuring the reality that Facebook’s own system allowed Cambridge Analytica to gain access to 87 million users’ data. Instead, the ADI reveals that Facebook had a much larger problem on its hands—by allowing third-party developers access to friends-of-friends data on Facebook, millions of users had no idea and had given no consent to the fact that their data would be used and likely sold by third parties.

Another reason this matters: it indicates Zuckerberg may have misled Congress over this issue. Testifying before the Senate Judiciary Committee in 2018, Zuckerberg told lawmakers that “if we find developers that misused personally identifiable information, we will ban them and tell everyone affected by those apps.”

As Tech Crunch noted, “Facebook comms simply went dark on the audit and ignored “journalist questions about how the process was going” despite making the promise to Congress to release the full audit. Facebook went on to settle with the Federal Trade Commission for $5 Billion over the data scandal, without ever releasing the full audit publicly.

Around the same time, Richard Allan of Facebook’s European policy team gave evidence before a grand committee of parliamentarians from Commonwealth nations. One member, UK member of parliament Ian Lucas, challenged Lord Allan. “Can you name an app, other than GSR [the Cambridge Analytica app] that you have banned for the same reasons?” An evasive Allan chose not to supply a specific answer.

Violative apps beyond the GSR app reveal a pattern: for years, Facebook allowed third-party developers access to the platform with plausible deniability, allowing it to pretend that developers had exploited a vulnerability rather than walking through a door that Facebook had already propped open.

Finally, the unsealed documents reveal that Facebook apparently misleads users significantly about what data is being collected on them by the company. A tool called “Download Your Information,” (DYI) made available by Facebook, is referred to as “at best misleading.”

These documents also indicate that Facebook has another internal tool called the “Switchboard” which contains significantly more data than the DYI tool, including “the full alphanumeric identifier for each cookie associated with the Named Plaintiffs’ devices, as well as the accounts associated with that cookie, the number of times that cookie was seen, and the date and time it was seen.”

These documents reveal that it was never just about Cambridge Analytica. Rather, Facebook was aware of a pattern and practice it had created for its financial benefit at the expense of users, their data, and privacy. Then they appear to have covered it all up.


Zamaan Qureshi
Zamaan Qureshi is a policy advisor and social media coordinator for the Real Facebook Oversight Board and a researcher for The Citizens where he focuses on Cambridge Analytica. He is also an activist and advocate for safe social media for teens, has written for TIME, Slate, Byline Times, has appeare...