Third-Party Apps on Facebook: Privacy and the Illusion of Control

Little research examines the privacy threats associated with the use of third-party apps on Facebook. To address this gap in the literature, we systematically study third-party apps' current practices for privacy notice and consent by: i) collecting data from the 1800 most popular Facebook apps to record their data collection practices concerning users and their friends, and ii) developing our own Facebook app to conduct a number of tests to identify problems that exist in the current design of authentication dialogs for third-party apps on Facebook. To address these problems, we propose two new interface designs for third-party apps' authentication dialogs to: i) increase user control of apps' data access and restrict apps' publishing ability during the process of adding them to users' profiles, and ii) alert users when their global privacy settings on Facebook are violated by apps. This research provides both conceptual and empirical insights in terms of design recommendations to address privacy concerns toward third-party apps on Facebook.