"Following a public comment period, the FTC has accepted as final a settlement with Facebook resolving charges that Facebook deceived consumers by telling them they could keep their information on Facebook private, and then repeatedly allowing it to be shared and made public," the commission stated in the press release.
"The settlement requires Facebook to take several steps to make sure it lives up to its promises in the future, including by giving consumers clear and prominent notice and obtaining their express consent before sharing their information beyond their privacy settings, by maintaining a comprehensive privacy program to protect consumers' information, and by obtaining biennial privacy audits from an independent third party."
Among the things that FTC's investigation has unearthed is the fact that Facebook's App Verification program, established and closed within six months in 2009, was a complete sham.
"Designed to offer extra assurances to help users identify applications they can trust - applications that are secure, respectful and transparent, and have demonstrated commitment to compliance with Platform policies," the program required developers to pay from $175 to $375 to have their app verified.
But, "contrary to the statements set forth in Paragraph 46, before it awarded the Verified Apps badge, Facebook took no steps to verify either the security of a Verified Application’s website or the security the Application provided for the user information it collected, beyond such steps as it may have taken regarding any other Platform Application," the commission found.
So, in fact, Facebook earned thousands of dollars by simply appending the green checkmark to the apps in question. And while the developers in question at least got a more prominent spot for their apps, Facebook users used them and believed themselves to be perfectly safe.
Reading our newsletter every Monday will keep you up-to-date with security news.
Receive a daily digest of the latest security news.