Facebook – new policy and requirements for Graph API

Posted on Posted in API

New limitations

The new Facebook’s policy introduces several changes which may be harmful for small scale developers. It looks like access to for example user_friends permission will be now limited to companies which can afford to implement advanced security systems.

Their requirements seem to be similar to the new European regulation – GPDR. These breaking changes are most likely caused by recent lawsuit related with Facebook & Cambridge Analytica and Mark Zuckerberg’s promises during his testimony in Congress.

Facebook requires now to business verification for some permissions. If you don’t pass app or business review, you will loose access to these APIs after August 1, 2018.

Facebook Requirements
Facebook Requirements

Influence on mobile applications

It’s a really bad news for small applications, most likely it will kill Facebook integration.

They don’t even provide any form to contact and discuss it, when you click on “support” you are forwarded to support page for Facebook Analytics.

If you have a small company and creating apps for fun, their terms are very demanding and could cause a huge problems for your business in the future. Therefore you should decide if it’s worth to risk in exchange of displaying friends.

Business Verification – small print on the contract

When you start business verification process, it asks about company details, if you provide these, you will be asked to sign a contract with Facebook. I encourage to read carefully their terms, because they ask you to:

  • provide them from time to time upon a written request access to your books, records, agreements, services, facilities etc. which relate to user data in order to audit your security mechanisms and procedures,
  • cover review costs and expenses if they detect any noncompliance with their terms or security requirements.

Good luck to small apps…


  • My original answer on Stack Overflow,
  • Facebook Login Changelog – here you can check which permission requires app review, business verification and contract,
  • Contract with Facebook is not published, you will receive it when you start a business verification,
  • Short overview of Mark Zuckerberg’s promises,
  • From Facebook Login Changelog:

    In order to help protect people’s data, we’re now requiring that an increased number of permissions go through the App Review process. For certain permissions, we are also requiring business verification and a contract between your business and Facebook. Businesses can be verified by providing forms of documentation including utility bills, business licenses, certificates of formation, articles of incorporation, tax ID numbers, and others. The contract introduces additional security requirements and other provisions around data.