Posted on July 20th, 2011
Facebook exposed: Even if you remove administrators from your Facebook page, they may still have access to edit, change, or delete apps as developer administrators.
Last week, @ReneeRevetta and I were researching and experimenting with Facebook Iframes to create customized landing pages and tabs. I went onto the Facebook developer page and noticed I was listed as an administrator of a Facebook page I had access to three years ago. I am not currently an administrator on the page on the Facebook interface, but am listed as an administrator on the Facebook developer page. Hmm… something is not right. This means Facebook has continued to grant me access to develop and create new tabs, applications and landing pages for a page that I am no longer an administrator for on the Facebook interface. Potentially even worse, I still have access to delete apps at will. In my case, I was an intern for the company and was happily employed. However, in the case of a disgruntled former employee, this could be a major issue for the company or organization.
I am shocked that access is not removed on both the front and back end of Facebook at the same time when you remove administrators from your Facebook fan pages. If Facebook managers and administrators are not developing new pages and tabs for their fan page, they may never know about the discrepancy between active administrators. Please note we did notice that this may only be an issue if apps were developed at the time when you had access. Pages without apps that I am currently an administrator of were not listed, and I would have to create new apps for those to appear on the developers page.
I did remove myself as an administrator of this page, but I would suggest going through to check whether previous employees or interns who had access to your fan page are still listed as administrators on the Facebook developer page.
Here’s how to remove access from the Facebook Developers page:
1. Log in to Facebook and navigate to: https://developers.facebook.com/apps
You may have to allow Developer’s request for permission.
2. Click on the application on the left if you have more than one listed.
3. Select “Edit” on the right of the Roles section to view the complete list of administrators.
4. Select the X next to the administrator you want to delete or choose “Add” on the right to allow additional users.
I hope this helps! Comment below or find me on Twitter @Lokitis if you have any additional questions.