Developers who fail to migrate their applications, including tab applications, to OAuth 2.0 and HTTPS protocols will result in users not being able to view or use the applications.
Both OAuth 2.0 and HTTPS are security protocols. HTTPS uses a Secure Socket Layer (SSL) or Transport Layer Security (TLS) as sublayer under regular HTTP application layering and protects against eavesdropping and man-in-the-middle attacks. Meanwhile, OAuth enables users to grant third-party access to their web resources without sharing their passwords.
Ryan Lim, business director at Blugrapes, said this move will make Facebook a more secure space, and prepare the platform for F-commerce (Facebook commerce). It will also ensure the data privacy of Facebook users, he said.
“The impact of the 1 October migration would be that Facebook applications which do not comply with HTTPS will be placed on sandbox mode and will no longer appear visible to users. Potentially disrupting some campaigns,” he told Campaign.
As of midday on September 30, there were still a number of Facebook pages with incompliant applications.
In May, Facebook announced that all apps on Facebook would need to support OAuth 2.0 and HTTPS, and that the upgrades would need to be completed by 1 October.
All apps, including page tab apps, must migrate to OAuth 2.0 for authentication, while the old SDKs, including the old JavaScript SDK (FeatureLoader.js) and old iOS SDK (facebook-iphone-sdk), will no longer work.
In addition, iframe Canvas and Page Tab apps must support HTTPS and provide a secure canvas or secure page tab URL.
Liam McCance, business development director at Vocanic, noted that this move would allow users to feel more comfortable and protected when transacting on Facebook.
“There is a pop-up window to remind developers to change to a secured browsing system and the question is whether they have taken the security search,” he added.
