Facebook Fixes Privacy Bug Spotted by Consumer Reports

The problem affected ad preferences for iPhone users

Facebook app GettyImages-935634244

Facebook has corrected an inconsistency in a privacy setting on its iPhone app in a recent update. Consumer Reports' privacy experts had pointed out that the app could mislead consumers about their ad preferences.

After the Cambridge Analytica data scandal broke in March, Facebook repeatedly promised to make reforms, saying in one blog post that the company would “put people more in control of their privacy.” In June, Consumer Reports analyzed Facebook privacy settings to see whether the company had made it easier for consumers to protect their privacy on the platform.

Our privacy experts found that the design and language used in Facebook's privacy controls nudge people toward sharing the maximum amount of data with the company. We also found a mistake in the design of an ad preferences setting in the iOS, or iPhone, version of the Facebook app.

When iPhone users navigated to the app’s ad preferences menu, they found a setting titled “Ads based on data from partners,” and right below it the words “Not Allowed.” This implied that Facebook would not show those users ads based on data from the mobile apps and websites they had gone to, according to privacy experts at Consumer Reports.

However, if you swiped through a couple more screens, you found a slider to control this setting, switched to “Allowed” by default. That let Facebook use the data to show such targeted ads.

More About Privacy

Consumer Reports didn't find this problem in the Android version of the app or in the browser version of the social media platform.

With a recent revision to the iOS app, the setting selection is no longer ambiguous. The default on the first screen reads "Allowed," and that's the option indicated on the slider on the subsequent screen. If you change this setting using the slider, the text on the earlier screen changes to match it.

One aspect that remained unchanged in Facebook's privacy settings is that new users have to complete the sign-up process before they can opt out of receiving ads based on data from Facebook's partners.

Responding to questions from Consumer Reports, Facebook said the problem with the settings was a technical glitch. "We'd like to thank Consumer Reports for bringing this to our attention," said a Facebook spokesperson, Sally Aldous, in an email. "After investigating your report we found a bug, which meant that when some people landed on their 'ads settings' summary page they saw an incorrect status for the control, which enables them to opt out of us using data from third parties to inform the ads they see."

Consumer Reports experts say they welcome the change, but they are calling on Facebook to make further changes to the setting to enhance consumer privacy.

"We are glad that Facebook has fixed the broken default setting on the iOS version of their app" says Katie McInnis, policy counsel for Consumers Union, the advocacy division of Consumer Reports. "However, the current default settings for ad preferences on Facebook are the less privacy-protective options. We urge Facebook and other platforms to make their default settings privacy-protective by design."

Like most websites, CR.org also collects user data. You can get the details in our privacy policy.

Allen St. John

I believe that technology has the power to change our lives—for better or for worse. That's why I’ve spent my life reporting and writing about it for outlets of all sorts, from newspapers (such as the Wall Street Journal and the New York Times) to magazines (Popular Mechanics and Rolling Stone) and even my own books ("Newton’s Football" and "Clapton’s Guitar"). For me, there's no better way to spend a day than talking to a bunch of experts about an important subject and then writing a story that'll help others be smarter and better informed.