Facebook’s new login and graph API has resulted in apps asking for half as many permissions

SAN FRANCISCO — Facebook today laid out the most details yet about how its new login and graph API, which goes into effect for everyone on Thursday, will impact developers. And it said that the changes, which were first launched a year ago, have resulted in apps asking for half as many permissions, and an 11 percent increase in logins to apps through Facebook.

At a “whiteboard” event here today, Facebook product manager Simon Cross went over the changes that all apps will have to deal with starting Thursday.

The company announced the new login and graph API at its F8 developers event in 2014, and said they would go into effect immediately for all new apps, but that developers of existing apps would have a year to upgrade. The changes were meant to give “people more control over the information they share with apps.”

Facebook’s Login was designed to give users a way to automatically sign into a wide variety of apps. The changes were meant to give users more control over what kind of personal information, including their friends list, they shared with those apps by allowing to edit the information they provide. In addition, Facebook said last year it would be looking at and approving all permissions apps asks for beyond public profiles, friend list, and email. “Our goal,” it said at the time, “is to help apps follow best practices while still keeping the review process fast and lightweight.”

Over the last year, developers of many apps have already been upgrading. But on Thursday, “we begin to migrate all the older apps … to the new login,” Cross said.

But, Cross added, the “majority of apps have already upgraded” over the last year.

“We’re really making it clear to people how their information is being used,” Cross explained, “but we’re giving people control over what information they share with apps.”

Facebook is “not turning off the old system,” Cross said. But behavior of any non-upgraded apps at login will change depending on the information developers ask for, and how they’ve coded the app. That means that some apps will continue to work perfectly, while others will experience some errors. There “may be” some apps that stop working altogether, Cross admitted.

Still, Facebook “spent the last year giving developers a ton of feedback about how this will work, and make sure they’ve updated their apps,” and as noted above, the majority of developers of existing apps have already migrated.

With the new login, users will be able to tell third-party apps what information they want to share with Facebook. With some apps, that can mean only giving certain pieces of information, like an email address. That gives user very “granular” control, Cross said.

Another change taking effect Thursday is to Facebook’s Graph API version 2.0. In the past, users had little control over what information of theirs would be shared when their friends logged in to apps. But now, users will be able to control that information. So, for example, users could take control over the photos they share with app, regardless of whether or not their friends use that same app.

The third change has to do with the kind of permissions review apps have to go through. If an app asks for only a basic set of permissions — public profile, email, and friend list — there is no additional review required. But if an app wants more, those permissions must be manually reviewed by Facebook. Over the last year, Cross said, a team at Facebook has reviewed more than 40,000 apps. “Every app built … since [F8 2014] that requires additional review, has been through review,” Cross said.

He added that each developer who went through such a review got detailed feedback from Facebook. The review can take up to five business days, Cross said, but the vast majority get a response within two days.