Third-party apps can let hackers into your Facebook account - here's how to check what apps you have installed and how to delete them
One way hackers can attack your Facebook is through third-party apps that you unwittingly might have given extensive access to when you started using the app.
If you suddenly see a Facebook friend posting obvious spam or links to games and websites you wouldn’t expect them to share, there’s a good chance that’s the result of a rogue app abusing the access it’s been given.
There are two types of app you might have enabled on Facebook: the first are apps for other services and devices that you link to Facebook. These include apps such as Tinder, the dating app, which used to require you to link your account to Facebook, and Spotify, which you can still link to Facebook to share what you’re listening to with your friends.
You might also be using Facebook to sign in to third-party apps as a way of avoiding having to remember lots of different passwords for different services. (We don’t recommend this, by the way).
The other type of app you might have allowed access to Facebook are quizzes and games that you play on Facebook itself, such as the ever-popular Words With Friends. Some quizzes are also apps, and you might not even have realised that they were when you started playing them or doing the quiz.
Want some more help with securing your Facebook? Our friendly tech team can help you with one-to-one support on a range of tech issues. Find out more here.
Any third-party app you connect to your Facebook is potentially a threat. Reputable apps such as Spotify or Outlook won’t take over your account, but there are plenty that are less reputable: it’s apps such as the quizzes and games that are the most likely to suddenly start posting links to spam adverts or even malicious websites. However, even reputable apps will be used by Facebook to infer information about you to show you adverts it thinks are relevant.
This is why it’s a good idea from time to time to review the apps that have access to your Facebook and remove any you either don’t recognise or no longer use.
How to check
On a computer (you can’t do this in the Android or iOS app), go to https://www.facebook.com/settings?tab=applications, where you’ll see the apps you have installed and active.
You can click on the blue View and edit option to see what access an app has to your profile. If you want to keep the app active, it’s a good idea to review this.
I had Microsoft's Outlook still active on my account from when I had let Facebook sync my contacts (here's why that's not a good idea), as well as two other apps. If you're not sure whether you want to keep an app, click on View and edit to see what permissions it has.
If you don’t recognise an active app, the safest thing to do is remove it. That blocks its access to your Facebook data. If you realise later that you do need or want it, you can always add it back again.
How to remove an app
If you decide you don't want to keep an app, removing it is simple: tick the box on the right of the app, and then click the blue Remove button. You’ll get a box asking you to confirm that you want to do this: go ahead and confirm it.
You probably won’t have very many active apps, as Facebook tightened up apps’ access to your profile back in 2018. Any apps that you haven’t used for 90 days or more have their access tokens revoked.
Even though those no longer have access to your account, it’s a good idea to delete those apps, too. Although they can’t access data any more, they still have access to the data they could see when they were active.
You can see your expired apps by clicking Expired at the top of the page, and you can review the access they had by clicking View details.
You can also see what apps you've removed from your account if you click the Removed tab at the top of the apps page. As with the expired apps, the app provider might still hold data that you shared with the app while it was active on your Facebook. If you click on the blue View details, you'll see a warning to that effect, your user ID with the provider, and a link to the provider's data policy.
If you want to get the third party to check for and remove any data they hold about you, you'll have to go through their separate processes. In the meantime, however, removing apps from your Facebook will reduce the amount of data you're sharing between Facebook and other websites, and help protect your account.