The clock is ticking for several developers on Facebook’s platform: since last night, the social networking giant has been sending notices to developers it believes have created apps that violate its policies on sending authentication data to third parties. These developers have been given 48 hours to modify their apps to comply with the company’s policies; if they fail to do so, they risk being subject to one of Facebook’s enforcement actions, or in other words, being thrown off the website.
All of this began last week with a blog post by Symantec describing how Facebook applications accidentally leak access to third parties. According to the post, the company had found around 100,000 apps that inadvertently leaked authorization tokens because of the use of iframes for app authorization. In response, Facebook published its own blog post promising that by the 1st of September this year, all apps on the platform will have to migrate to OAuth 2.0, which will ensure encrypted access tokens. However, September is still a long way off and these apps are still leaking information to third parties, a problem that has grown for Facebook now that Symantec has released these details. Facebook has therefore decided to issue an ultimatum to the apps it deems to be in violation.
However, 48 hours is still a very tight deadline, and the developers who have received the notification are expressing their panic all over the internet, on various forums and on platforms like Twitter. According to Facebook, these changes are needed by only a small community of developers; however, Facebook is so large that even this small community amounts to quite a large number of developers.