At Facebook's last week f8 conference, founder and CEO Mark Zuckerberg (in the picture) announced that the company is removing restrictions on user data retention within Facebook applications. Previously, Facebook had a policy where developers couldn't store and cache any data for more than 24 hours. Therefore, apps had to constantly connect to Facebook's server in order to refresh their data. Not anymore.
The change is good for developers, but it is a terrible news for the privacy of users.
The new policy brings to light another thing user does not know: Facebook application access your personal data, that is, almost everything which is on a user profile, including hometown, groups you belong to, events attended, favorite books, and more. In other words, your Facebook profile information becomes available to developers.
The indefinite storage makes Facebook apps "far more valuable targets for attackers". Just imagine, for instance, the payload for hackers targeting Farmville, Facebook's most popular app, with 81 million users. With 500,000 supported applications, Facebook doesn't have the resources to police the apps they house. Overall, Facebook touts 400 million users.
Respected online news service ReadWriteWeb.com says "to the end user, these changes may sound overwhelming and even scary". "But there is something very easy everyone can to minimize their risk and that's delete the Facebook application you no longer use."