To continuously improve Instagram users’ privacy and security, we are accelerating the deprecation of Instagram API Platform, making the following changes effective immediately. We understand that this may affect your business or services, and we appreciate your support in keeping our platform secure.
In the future, other APIs will be disabled. Starting on December 11, 2018, Instagram will no longer allow apps to read public content, and in early 2020, apps will not be able to read a user’s own profile info and media. These APIs are all part of Instagram’s older platform, and it has already been working towards transferring developers to a newer, more restrictive platform.
As TechCrunch points out, Instagram had originally planned on deprecating the APIs in July and December of 2018, but suddenly moved the timetable forward in the wake of Facebook’s Cambridge Analytica scandal. While the remaining APIs won’t be disabled fully until 2020, Instagram has implemented rate limit reductions on them as of last weekend to limit access.
Instagram previously allowed 5,000 API calls per user per hour, a number that has been cut down to 200.
Facebook is entering a tough transition period where it won’t take chances around data privacy in the wake of the Cambridge Analytica fiasco, CTO Mike Schroepfer tells TechCrunch. That’s why it’s moving up the shut down of part of the Instagram API. It’s significantly limiting data available from or requiring approval for access to Facebook’s Events, Groups, and Pages APIs plus Facebook Login. Facebook is also shutting down search by email or user name and changing its account recovery system after discovering malicious actors were using these to scrape people’s data. “Given the scale and sophistication of the activity we’ve seen, we believe most people on Facebook could have had their public profile scraped in this way” Schroepfer writes.
Instagram will immediately shut down part of its old platform API that was scheduled for deprecation on July 31st. TechCrunch first reported that developers’ Instagram apps were breaking over the weekend due to a sudden reduction in the API call limit. Instagram refused to comment, leading to developer frustration as their apps that analyze people’s followers and help them grow their audiences stopped working.
Now an Instagram spokesperson tells TechCrunch that “Effective today, Instagram is speeding up the previously announced deprecation of the Instagram API Platform” as part of Facebook’s work to protect people’s data. The APIs for follower lists, relationships, and commenting on public content will cease to function immediately. The December 11th, 2018 deprecation of public content reading APIs and the 2020 deprecation of basic profile info APIs will happen as scheduled, but it’s implemented rate limit reductions on them now.
The announcements come alongside Facebook’s admission that up to 87 million users had their data improperly attained by Cambridge Analytica, up from early estimates of 50 million. These users will see a warning atop their News Feed about what happened, what they should do, and see surfaced options for removing other apps they gave permissions to. Facebook CEO Mark Zuckerberg plans to take questions about today’s announcements during at 1:00pm Pacific conference call.
Regarding the Facebook APIs, here’s the abbreviated version of the changes and what they mean:
Events API will require approval for use in the future, and developers will no long be able to pull guest lists or post sto the event wall. This could break some event discovery and ticketing apps.
Groups API will require approval from Facebook and a Group admin, and developers won’t be able to pull member lists or the names and photos associated with posts. This will limit Group management apps to reputable developers only, and keep a single non-admin member of a closed Group from giving developers access.
Pages API will only be available to developers providing “useful services”, and all future access will require Facebook approval. This could heavily restrict Page management apps for scheduling posts or moderating comments.
Facebook Login use will require a stricter review process and apps won’t be able to pull users personal information or activity, plus they’ll lose access if after 3 months of non-use. Most login apps should still work, though, as few actually needed your religious affiliation or video watching activity, though some professional apps might not function without your work history
Search by phone number or email will no longer work, as Facebook says it discovered malicious actors were using them to pair one piece of information with someone’s identity, and cycling through IP addresses to avoid being blocked by Facebook. This could make it tougher for people in countries where people have similar names find each other. Of all the changes, this may be the most damaging to the user experience.
Account Recovery will no longer immediately show the identity of a user when someone submits their email or phone number to similarly prevent scraping. The feature will still work, but may be more confusing. Facebook believes all its users’ could have had their data scraped using the search and account recovery tricks.
Schroepfer says that Facebook’s goal is to lock things down, review everything, and then figure out which developers deserve access and whether any of the functionality should be restored. The announcements raise questions about why it took the Cambridge Analytica scandal for Facebook to take data privacy seriously. You can expect the House Energy and Commerce Committee may ask Mark Zuckerberg that when he comes to testify on April 10th.
Facebook CTO Mike Schroepfer
Facebook’s bold action to reform its APIs shows it’s willing to prioritize users above developers — at least once pushed by public backlash and internal strife. The platform whiplash could make developers apprehensive to build on Facebook in the future. But if Facebook didn’t shore up data privacy, it’d have no defense if future privacy abuses by outside developers came to light.
Schroepfer tells me Facebook is taking its responsibility super seriously and that company is upset that it allowed this situation to happen. At least he seems earnest. Last week I wrote that Facebook needd to make a significant act of contrition and humility if it wanted stabilize the sinking morale of its employees. These sweeping changes qualify, and could serve as a rallying call for Facebook’s team. Rather than sit with their heads in their hands, they have a roadmap of things to fix.
Still, given the public’s lack of understanding of APIs and platforms, it may be tough for Facebook to ever regain the trust broken by a month of savage headlines about the social network’s privacy negligence. Long-term, this souring of opinion could make users hesitant to share as much on Facebook. But given its role as a ubiquitous utility for login with your identity across the web, our compulsive desire to scroll its feed and check its notifications, and the lack of viable social networking alternatives, Facebook might see the backlash blow over eventually. Hopefully that won’t lead back to business as usual.
For more on the recent Facebook platform changes, read our other stories:
Application programming interfaces, or APIs, have become the currency of the digital era. They are the link between devices, web sites, and services and as such, can have an outsized effect on your user experience. As a case in point, consider my frustration with Google Home and its inability to play the music I want well.
A friend at Google who looked into this for me said that my lackluster experience was likely due to a poor integration of the Spotify API with the Google Home. So after hearing APIs be blamed for frustrations in my personal life while also hearing people in various industrial or commercial settings talk about their challenges working with APIs, I decided to figure out what the heck is happening in this weird world of application programming interfaces.
First up, APIs tend to get all the blame, even if the problem is somewhere else in a device or in the back-end cloud. Blaming an API is the ultimate in shooting the messenger, except when it isn’t. Because sometimes APIs are the problem. Back when APIs became popular in the web world, roughly 20 years ago, developers used them to share information between web sites. That expanded to include computing elements, such as those offered by Amazon Web Services. And now, they are expanding again — to connect devices to web sites and to computing services.
But while the web world has had years to work out the kinks when it comes to developing APIs, the hardware folks are relatively new to this. Kin Lane, a consultant who goes by the title API Evangelist, says the folks developing APIs for devices tend to break some of the API best practices because they aren’t thinking about how others — especially non-hardware experts — might use them.
One of the most common API usability crimes hardware folks commit is using jargon or inexplicable acronyms to describe the access they give and functions they offer. If you’re making an API to connect to a light bulb, for example, labeling parts of the API with a cryptic color value may not be as handy as labeling it blue or yellow-white light. Consider as well how it will be used, and for how long. An API has the potential to become infrastructure, which means others’ services or businesses may rely on it. If that’s the case, you should communicate with them when you change something, ideally before you change it. And you shouldn’t change it every few days, because it’s likely the developer in charge of handling your API is also in charge of many others.
Another API design sin is putting too much complexity into it. Prakash Khot, CTO at AthenaHealth, says that keeping things to a minimum and designing for modularity helps keep an API stable and usable. He also recommends that you consider error messages and feedback as part of the overall API design.
Too often when a request fails, the API designer hasn’t created a way to communicate what went wrong. This is frustrating for the end user and the company trying to work with the API. Also, in the case of an error message, Khot recommends thinking about the user’s privacy. For example, if a credit card number isn’t shared properly, don’t ship the number back and forth as part of the error.
Outside of basic design considerations, any business that wants to build an API (and really, that’s going to be every business in the IoT economy) should consider two other aspects. The first is politics and the second is business goals. When companies play politics is where end users might see the most frustration. An example would when Google decides to promote its own music service over that of Spotify on its Home device by using a subpar integration. It might also show up in cases where a competitor’s device can’t even access an API, or has rate limits that mean it’s going to perform more slowly or time out often. I anticipate this kind of API warfare between Nest and Amazon in the near future if they don’t patch up their spat.
When it comes to business goals, consideration can start with the information that you provide as part of your API, but might also be as direct as charging for access to an API or even paying others to use it. API calls do cost companies money since they have to provide servers to support information requests and developers to keep them up and running. However, they can also perform an invaluable scouting function for a company. For example, a company like Philips can see what cool things developers are doing with its lights if it looks at API data. It may then decide to buy a particular startup or hire a particular type of engineer.
Though I’ve dug deeper into the world of APIs, I still haven’t figured out why some of my individual devices behave so strangely. But I feel like I have discovered where the future of business contracts — and disputes — will be held in the new era of the internet of things. I can’t wait to learn more.
With the release of Android Oreo, Google included an autofill API to allow for system-wide filling in of details such as account and credit card info. The framework manages communication between Google’s autofill service and other apps, and it’s great for both saving time and avoiding errors.
We’d gotten wind of this change a few weeks ago, but now it’s official: Google will be restricting access to non-public APIs in the next version of Android. This means that in Android P and going forward, APIs that are unofficially supported in Android’s SDK will (generally) not be available to developers to use in their apps.
Using unofficial APIs in an app is risky, as it can sometimes cause unexpected issues and lead to bugs and errors when a new release unintentionally changes how the API works.
A new version of Apple’s experimental Safari branch was made available to web professionals late Wednesday, bringing a number of API enhancements and folding in patches for the Spectre vulnerability. AppleInsider – Frontpage News
Chrome 61 was a huge update. Not only did the long-awaited Chrome Home UI (the bottom URL bar layout) finally start rolling out, but it also improved the Google Translate bar and file picker. Chrome 62 isn’t quite the overhaul that 61 was, but it already has improvements to the round Chrome Home UI and enables several new APIs and features.
The past few Chrome releases have only had one or two user-visible changes, with most of the work going into new features that web sites can use. But Chrome 61 has plenty of both, most notably the new Chrome Home UI that is finally rolling out. Let’s dive right in, shall we?
It’s safe to say by this point that the launch of the Pay platforms, like Apple Pay, Samsung Pay and so on, haven’t exactly set the world alight. Usage numbers remain difficult to come by, always a telling sign, and while growth may be slow and steady, it’s not the death knell for banks in the payments industry that so many expected and warned us about. Understandably many are now starting to wonder if the revolution is dead on arrival or simply on pause. See also: Contactless payments just got easier in Singapore The exceptions to this are of course the merchant led initiatives, like…Read More