Enhancing our developer insurance policies to strengthen platform integrity
Today I’m excited to announce two improvements to our Developer Guidelines. Both changes are intended to further strengthen the integrity of our platform and provide developers with additional clarity and detail.
First, we’re updating our developer implementation policy for Facebook login, including requiring all apps to implement session validation checks. The updated policy now requires all apps (including web, mobile and hybrid) that use the Facebook manual login flow to check the validity of the session every 24 hours and log users out if it is no longer valid. Routine checks for valid sessions help reduce the risk of account compromise and increase user security on all platforms. Apps that use our software development kits (SDKs) to activate the Facebook login automatically check the validity of the session. Previously, developers with native iOS and Android apps that implemented Facebook login had to use our official SDKs.
To strengthen our ability to review platform apps on an annual basis, we’re next introducing a new policy that specifies which app stores are supported for Facebook apps. This new policy contains a list of supported iOS and Android app stores. If you’re a developer, you need to make sure your app is listed in at least one of these app stores. To review or update this information for one or more of your apps, please navigate to your Developer Dashboard (under Basic Settings> Add Platform) and check that your app is listed in one of the accepted stores by September 24, 2021 .
As always, we appreciate your continued partnership and collaboration as we take these additional steps to protect our shared ecosystem and platform.