gravatar

Inside Facebook

Inside Facebook

Facebook Tells Some Developers They Have 48 Hours to Authentication Data Leaks

Posted: 16 May 2011 07:46 PM PDT

Facebook has sent an email to what it calls a “very small percentage of the developer community” informing them their apps are suspected of leaking authentication data to third parties, and that they have 48 hours to fix the leaks or be subject to enforcement. They can become compliant by switching to OAuth 2.0, or by adding an interstitial page the removes the authentication data as a stop gap before the mandatory migration to OAuth 2.0 on September 1st.

However, several developers have posted to the Facebook developers forum that they have checked their apps and found no data leaks. This indicates that a widespread panic may be unnecessary because some that received the warning may not actually be in violation of policy and may not need to make any changes.

The situation appears to be connected to the issue that developers using an older authentication system were purposefully or inadvertently sharing access tokens for user data with third-parties such as ad networks. This violates Facebook’s Platform Policy, though the actual negative impact to users is limited. In response, Facebook accelerated its app security roadmap, mandating a move to OAuth 2.0 which prevents the leak by September 1st, and requiring developers to attain an SSL certificate by October 1st.

Some are reporting the the email is inciting a small-scale panic amongst developers, though we’re seeing more of a state of confusion. Since the email appears to have been sent to developers singled out by Facebook’s automated system, and those that are violating policy may have done so in one of several ways, the notification doesn’t indicate exactly what developers have done wrong. Many suspect they received the message in error, and they aren’t in violation.

Facebook recommends developers use an HTTP proxy or monitor such as Fiddler or Charles to check to see if the HTTP Referrer Header is passing access tokens. If they find they are in fact violating policy, they can switch to OAuth 2.0 early. Those unsure of whether they violate policy should consider this option because they’ll have to migrate to the newer authentication system eventually. However, this may be a considerable amount of work for a relatively soon deadline.

Alternatively, developers can add an interstitial page that clears authentication data as per the Legacy Connect Auth documentation. This should be a quicker solution for those looking to ensure compliance before the deadline. If developers don’t do either and are found to be violating policy after the deadline, their apps may be suspended.

By setting a fast-approaching deadline, Facebook is taking a hard line against developers who are violating policy, either accidentally or willfully. This will send a message that the site is serious about protecting users. However, the short period of time to make changes and the potential that some developers may have received the worrisome message when they haven’t done anything wrong could hurt Facebook’s relations with the developer community.

Facebook Rolls Out Places Functionality and Checkin Deals to Pages With Street Addresses

Posted: 16 May 2011 03:41 PM PDT

Facebook has confirmed with us that it has started bringing Facebook Places functionality to some Pages representing physical spaces. Some Pages that list a street address, such as local businesses and public places, may be checked in to via Facebook’s location-based service Places, and may offer incentives for visiting in person through Checkin Deals.

Facebook tells us this automatic merge of Pages and Places “makes things easier for Page administrators”. We agree that it is a better solution than the now removed option to manually merge Places with Pages. By expanding the number of Pages that can run Checkin Deals, Facebook may be looking to drive user awareness and engagement with the product and earn money off of it through ads promoting the incentives.

When Places launched in August, owners of physical spaces could claim their Place, and also had the option to merge claimed Places with Pages. At the time, merged Places pages used the unfamiliar left-side navigation menu layout that wouldn’t be rolled out to until February. They also lacked some functionality of Pages, there were some bugs in the merging process, and they couldn’t be unmerged, making it a somewhat difficult decision for admins.

Facebook later temporarily provided an unmerge option but then revoked the abilities to merge or unmerge last month, possibly in anticipation of a shift towards this automatic merging.

Meanwhile, Facebook launched Checkin Deals in November that can be used to incentivize checkins with discounts or charity donations. Since then, though, few businesses have offered Checkin Deals, few users are aware of them let alone have redeemed them, and attention has shifted toward’s Facebook’s prepaid coupon service called simply Deals. These facts signal that Facebook needs to do a better job with outreach and accessibility — two things assisted by this change.

Now, Pages that list a physical address may show a “Friend Activity” tab that displays the checkins to that location by a user’s friends. This can give users a sense of what it’s like to be at the physical location the Page represents, and learn about what’s happening there in real time. If a Places page with the same name and address already exists, it may be rolled into the official Page.

Admins of these automatically merged Pages may also see a prompt at the top of their Pages notifying them that they can run Checkin Deals. They can also see a Deals tab in the left-side navigation menu of the Edit Pages admin interface. Facebook has been slowly rolling out the self-serve tool for creating Checkin Deals to more properties, including some Pages, since the feature’s launch.

As Pages typically have many more fans and more engaged admins than Places, the expansion of Places and Checkin Deals functionality to them should work to familiarize users with Facebook’s location-based services. Admins may be waiting for a clear success story before integrating Checkin Deals, so Facebook may be hoping the expansion of the feature to Pages might produce one of these cases. This could open the flood gate for businesses to start using and advertising for the incentives.

Platform Update: Subscribe to Comments Box Threads, Like Story Feedback Insights, Send Button Metrics

Posted: 16 May 2011 11:59 AM PDT

The latest Platform Update to the Facebook Developers Blog on Friday announced the new ability to subscribe to threads in the Comments Box social plugin, the addition of Like Story feedback to the Insights tool, and details on API access to metrics on Send button activity.

Facebook also released several developer tutorials this week, including “How-To: Handle Expired Access Tokens“, and “How-To: Use The Graph API to Upload Photos to a User’s Profile“, and is seeking feedback from developers on the tutorial template.

The company released the updated version of the Comments Box social plugin for third-party websites in March, but has now added “Subscribe” buttons to each comment thread. In addition to the original author of a thread, those who click the button will receive Facebook notifications of new comments in that thread so they don’t miss something interesting. Users can also click to unsubscribe if a thread gets off topic later.

Facebook tested an unsubscribe button for news feed threads in August 2010, but decided not to roll it out. Now the two systems contrast, with a reply to a news feed story subscribing one to notifications about future comments, while users have to actively subscribe in the Comments Box and have the option to reply without being subscribed.

The new feature will enhance the utility of the plugin, especially for more technical sites such as the Facebook Developers Blog, where comments can carry crucial information. Though there aren’t options to subscribe via email or RSS, this update helps to close the functionality gap between Facebook’s comments plugin and popular third-party plugins such as Disqus and IntenseDebate.

The Facebook Insights tool for developers now includes analytics regarding feedback to stories published to the news feed when users click Like buttons on third-party websites. The data includes:

  • Like Story Impressions
  • Like Story Likes
  • Like Story Like Rate
  • Like Story Comments
  • Like Story Comment Rate

When combined with existing metrics on Like Story click through rate, this data can help developers determine if the open graph meta tags they’re added to their website are generating compelling Like stories. They can then change things such as the image, headline, and descriptive copy that are included in the story and test to see if performance improves. For instance, a high Like rate compared to the comment rate might indicate that the posts are enjoyable and easy to consume, but might not include strong enough calls to action or questions.

Facebook launched the Send button on April 25th, and by March 7th over 25,000 sites had integrated it. Now developers can access metrics about the performance of their Send buttons via the Graph API and Insights FQL table. Aggregated by domain, developers can see Send button views and clicks, and views and clicks of inbox Messages sent through the Send button by day or over the domain’s lifetime. This data can help developers determine the optimal placement of their Send buttons and the most compelling content for the button to deliver.

Featured Facebook Campaigns: Corona & MTV, Rue La La, Hotels.com, Wheat Thins and Nook

Posted: 16 May 2011 09:30 AM PDT

Users take the stage this week as we look at how brands are reaching out to customers on Facebook. Corona & MTV put the prizes in the hands of users, asking them to name their dream experience while Nook asked users to share why they love reading. Rue La La asked users to vote on the merchandise they wanted to buy on the company's website. Hotels.com wants users to experience a crazy night in one of their hotels for themselves via a photo/video integration. Finally, Wheat Thins gave its customers a $1 off coupon for its latest product.

We've excerpted two of the campaigns below. You can see the full week's coverage in the Facebook Marketing Bible, which also includes detailed breakdowns of dozens of other featured campaigns by top-performing brands and businesses on Facebook.

Corona & MTV's Experience the Extraordinary

Goal: Engagement, Page Growth, Network Exposure, Product Purchase

Core Mechanic: A contest in which users share an "extraordinary" experience they want to have, then share via social media to garner votes.

Method: Users first must answer whether they are 18 or older, then they have a chance to enter an experience that is extraordinary they want to have. The winner will receive the experience, to be filmed and broadcast on MTV. Then 10 runners-up receive trips to Ibiza, Spain. Users must enter their emails, Like the Page and then get their network to vote for them, thus exposing the contest to other users.

Impact: The contest has seen 164 entries since its launch on May 2 and runs until June 20. The campaign is interesting because of its creativity, as the prize is actually determined by the user who enters the contest.

Rue La La's Vote For Style

Goal: Engagement, Page Growth, Network Exposure, Product Purchase, Brand Loyalty

Core Mechanic: Rue La La created a Vote for Style tab and asked users to vote on their favorite items.

Method: For a week, from May 9 through May 12, Rue La La provided fans the opportunity to vote on their favorite merchandise featured on the Vote for Style tab on the company's Facebook Page. The top 24 picks were set for sale on the company's website on May 12.

Impact: The Rue La La Page grew to 145,500 Likes as a result of the promotion.

How are top brands in the industry designing their Facebook marketing campaigns? See the Facebook Marketing Bible for detailed breakdowns of dozens of Featured Campaigns by top-performing brands and businesses on Facebook.

Videos, Page Tabs, Vevo, Quizzes, Zoosk, More on This Week’s Top 20 Facebook Apps by MAU

Posted: 16 May 2011 09:04 AM PDT

There were a few interesting new additions to the usual Turkish video applications on our list of top growing apps by monthly active users this week, including the Vevo music video app and Zoosk dating app.

Apps on our list grew from between 243,000 and 1.8 million MAU during the past week. The list is compiled using AppData, our data tracking service covering traffic growth for apps on Facebook, and covers those that gained the most users in the past seven days. Note that Facebook has been experiencing reporting delays since May 14, so the

Top Gainers This Week

Name MAU Gain Gain,%
1. Gardens of Time 8,004,969 +1,807,324 +29%
2. Kral Video ! 1,397,829 +1,323,258 +1,774%
3. Daily Horoscope 6,591,994 +1,081,483 +20%
4. Quiz Taco! 13,472,424 +1,004,234 +8%
5. 60 Photos 4,015,569 +929,684 +30%
6. Zombie Lane 6,538,999 +893,017 +16%
7. PowerVideo 896,440 +877,000 +4,511%
8. BandPage by RootMusic 23,858,449 +775,281 +3%
9. Bubble Saga 4,032,687 +683,189 +20%
10. HTML + iframe + FBML = iwipa 5,727,077 +514,392 +10%
11. Welcome Tab for Pages 3,183,398 +488,988 +18%
12. Gourmet Ranch 5,965,466 +486,292 +9%
13. Diamond Dash 7,612,751 +417,527 +6%
14. Videohane 376,596 +372,944 +10,212%
15. Today’s Video 1,309,951 +363,103 +38%
16. Zoosk 9,356,846 +359,811 +4%
17. VEVO for Artists 3,316,909 +309,585 +10%
18. Super Texas Holdem Poker 262,698 +258,844 +6,716%
19. VideoGezegeni 549,240 +252,072 +85%
20. Tarjetitas 1,701,700 +242,957 +17%

In the Turkish video app category, we had  Kral Video ! with an increase of 1.8 million MAU, PowerVideo with 877,000 MAU, Videohane with 373,000, Today's Video with 363,100 MAU and VideoGezegeni with 252,100 MAU. The apps all pretty much do the same thing: show a selection of videos for users to choose from, to view, Like or Share. A few of them had different viral elements; Kral Video asks with a pop-up to provide daily video posts and VideoGezegeni automatically posts daily to your stream.

Two Page admin apps,  HTML + iframe + FBML = iwipa with 514,400 new MAU and Welcome Tab for Pages with 489,000 MAU allow users to install custom tabs on their Pages. Then there were two music apps, BandPage by RootMusic with 775,300 MAU and VEVO for Artists with 309,600. The VEVO app was interesting because it seems to represent a new direction for music on Facebook, namely the exclusive promotion of an artist's music videos. Installing the app creates a Music Videos tab on your Page.

The rest of the apps were different types. Daily Horoscope, a Turkish app, added 1 million MAU and provides daily horoscope posts to your Wall. Quiz Taco is an app that grew also by more than 1 million MAU and uses a 25-question Q&A about a user's Facebook friends, posting a feed story with each answer, to grow.

60 Photos is an app that grew by 929,700 MAU and collects the photos of Facebook friends, allowing the user to click "nice" or "pass," posting stories to the owner of the photos when "nice" is selected. Dating app Zoosk grew by 359,800 MAU this week and is trying to bring users deeper into the apps' integration by asking for more personal information. Finally, the Spanish language greeting card app Tarjetitas (little cards) grew by about 243,000 MAU mostly in the United States and Mexico.

Check in later this week for our look at the top weekly gainers by daily active users on Wednesday, and the top emerging apps on Friday.

All data in this post comes from our traffic tracking service, AppData. Stay tuned for our look at the top weekly gainers by daily active users on Wednesday, and the top emerging apps on Friday.

tirsdag den 17. maj 2011 at 07.38