Enhancing our developer policies to strengthen platform integrity

Today, I’m pleased to announce two enhancements to our Developer Policies. Both of these changes are designed to further strengthen the integrity of our platform, and provide additional clarity and detail for developers.

First, we’re updating our policy regarding how developers implement Facebook Login, including a requirement for all apps to implement session validity checks. The updated policy now requires all apps (including web, mobile and hybrid) that use the manual Facebook Login flow to check the validity of the session every 24 hours and log users out if it is no longer valid. Routine checks for valid sessions help to mitigate the risk of account compromise and also increase user safety across all platforms. Apps that use our software development kits (SDKs) to enable Facebook Login automatically check for session validity. Previously, we required developers with native iOS and Android apps that implement Facebook Login to use our official SDKs.

Next, in order to strengthen our ability to annually review platform apps, we’re introducing a new policy that specifies the supported app stores for Facebook apps. This new policy includes a list of supported iOS and Android app stores. If you are a developer, you'll need to ensure that your app is listed on at least one of these app stores. To verify or update this information for one or more of your apps, please navigate to your Developer Dashboard (under Basic Settings > Add Platform) and validate that your app is listed on one of the accepted stores by September 24, 2021.

As always, we’re grateful for your continued partnership and collaboration as we take these additional steps to protect our shared ecosystem and platform.