One of the easiest things for developers to do to speed up their login authentication on their applications was to integrate with Facebook’s login process. Then all a user had to do to submit their data to your application was to click on a “Login with Facebook” button and then they were done.
This was easy because Facebook basically had a little checklist for developers to fill in. If you filled it in right – Facebook gave you the go ahead to use their data for your application. This changed recently and Facebook has implemented a full review process for their “Login with Facebook” functionality.
Why this has happened
Privacy concerns are perhaps the major reason for this. Facebook has been a bit hasty in handing out their users data without seeking their consent.
The new process still allows you to request access for your app to a wide-range of data, but unlike the previous process – such a request is not guaranteed to be met with a favourable response.
Such kind of approach is known in Apple's App Store and it would be interesting to see if Facebook continues to go in that direction.
What has changed
Review times have, of course, increased to meet the new physical review requirements. The stated aim is to deliver the review within 7 business days unless you want to access some special permissions. That process is a longer process and you’re going to be looking at a 14 day review process instead.
For apps created before April 30th 2014, you only have less than a couple of months and after April 30th 2015, only reviewed and approved permissions will be accessible. Apps created after April 30th 2014, do not get the 1 year extension and should be reviewed without delay.
It’s worth noting that Facebook’s special permissions groups are often only aimed at applications that provide Facebook application functionality on platforms that Facebook themselves don’t support.
This is important because it directly affects many applications’ ability to derive data from Facebook – if your app depended on this data – you may well no longer be able to gain access to it in the future. Note that if your app only requests public profile, email and user’s friends basic permission, you do not go through this process.
As with all things Facebook, don’t expect the review process to be a human-centered one. Early reports of this process show that developers are receiving template e-mails around rejections which often lack valuable insight into the reason for rejection.
This is tough but understandable when you consider the huge volumes of reviews that Facebook will have to conduct.
The real advantage
The big advantage to this program is to Facebook’s users who will now be able to expressly define what data they will share with an application. Even if your product passes Facebook’s review process – it will be up to the user to allow you to take their data or not.
That’s probably not a bad thing in the long run. If you’re struggling to get your development team’s heads around this change – it might be best to outsource the first couple of attempts until you’re comfortable with the process.