# An App Review Study Case

Important - Why Facebook requires the App Review

After the Facebook–Cambridge Analytica data scandal, Facebook implemented a process to declare the ownership of domains, Pages and Groups: the App Review process. It ensures that the author is who claims to be and restricts what is going to do.

We, our products and our services adhere to the same quality guidelines to protect the ownership, the privacy and the security of the connection between your site and Facebook.

Our packages provide a complete open-source solution to integrate your site with Facebook directly. At any time, you can fully audit and manage the source code and the information submitted to Facebook, keeping the security, confidentiality and privacy under your control.

We don't provide proxy services or middleman services. As a consequence, we don't receive information about your Facebook account, and you don't need our assistance for publishing. We don't offer shortcuts to underwhelm the quality of your site and the information published to the Facebook Platform. If a third party provides a service "without the creation of an App and the App Review", be sure that you are going to be misrepresented and granting access to your account to external actors; at risk of being banned on Facebook.

As a consequence, we recommend the following procedure to create your Facebook App.

In the process to configure the Facebook integration of your site, you must create and configure a Facebook App as described in How to AutoTweet from Joomla! to Facebook.

Once you have created your app, you can configure your extension and test it with a Test App in development mode. Before change the app status to live, Facebook requires an App Review to authorize it.

INFO

What is App Review? App Review is a review process that Facebook uses as a way to ensure the best possible Facebook experience for your app's audience. The app review process aims to help people feel in control of how your app is using their data by requesting only the permissions your app needs to provide a great user experience. For more information, click here.

According to Facebook Documentation, for each permission you need to:

  • Explain how your app uses this permission to create a great user experience.
  • Provide step-by-step instructions on how to reproduce that experience when we test your app.
  • Also provide all necessary passwords (yes, Facebook requires access to your site to review the system), test user credentials and links to staging servers to successfully login with Facebook.
  • Provide a screencast.

To prepare the submission of the App Review, you have to create a Test App and publishing a Post from the Composer to your Page. The post publishing will be recorded on a video screencast and this information will be submitted for the App Review.

Test users

We recommend to create a test user in your website, with access only to the AutoTweetNG/Joocial component. You will use it to record the screencast. Also, Facebook testers will use this user to test the App functionality.

TIP

Be sure to prepare the materials required in the App Review with the latest AutoTweet or Joocial versions; they contain minor Facebook branding adjustments to comply with the requirements.

Looking for an installation / personalization service?

Our Installation Service is the product of dedication, experience, knowledge and a customer-focused mindset. We have prepared this detailed tutorial, and we can guide you to make the App Review materials for your site.

# STEP 1: Create a Test App

We recommend creating the Test App version of your App to configure and test your site integration. The activity on Facebook generated with a Test App will only be shown to the App team. This Test App will be a clone of your app, but with a different App ID and App Secret. You have to use these Keys to create, authorize, test the channel and publish testing posts while you are preparing the App Review submission.

Login at https://developers.facebook.com/ with your Facebook username and password. Go to your apps, select Create a Test App.

STEP 1: Test App

# STEP 2: Detailed description

Facebook requires a detailed description of how the app uses the permission or feature requested. This is an example of the description:

Tell us how you're using this permission or feature:

# STEP 3: Step-by-step instructions

Facebook requires step-by-step instructions. This is an example of the instructions for testing the app. Please, follow exactly the same steps to record the video on the next step.

# New Apps created after 2020-05-05 - API 7

# Apps created before 2020-05-05 - API 6 or lower

TIP

Since you have to provide a username and password for Facebook testing, we recommend creating a user with access only to AutoTweet/Joocial component.

# STEP 4: Record the screencast

Facebook requires a screencast. We recommend recording all steps of the process as described above.

TIP

  • The Test App allows the authorization of permissions and post publishing to prepare the App Review. The video must be recorded with the Test App (NOT with the Live App). Once Facebook approves your use case, then you can create a channel based on the Live App.
  • In our video, we have a text file with the post elements already written. Then, we show slowly how we copy and paste each part for the test to compose the post and publish it. We recommend recording a video with a similar procedure to show in detail how the post is manually created and published. The auditor does not know the tool so the video must clearly show each step at a slow pace.
  • If you have already authorized the Test App, remember to deauthorize it before the recording to show the full authorization and post-publishing process. Ref: Facebook Channel Re-Authorization.

This is a real-case screencast:

An App Review Study Case - Real-case screencast

An App Review Study Case - Record the screencast

NOTE

The Facebook login button appears in Step 2, Authorization. This step is important for the App Review since it shows the Facebook Brand and how the permissions are authorized.

# STEP 5: Submit your App Review

Go to App Review to add permissions:

  • Permissions added by default: "email", "public_profile". You can find them in My permissions and Features

  • Required Items for Groups channel: "Groups API" (this is not required for Pages access - do not include it unless you are going to use it).

  • New Apps created after 2020-05-05 - API 7: - Required Items for Pages channels: "pages_manage_posts", "pages_read_engagement".

Go to Add additional permissions and features and request the permissions "pages_manage_posts", "pages_read_engagement".

An App Review Study Case - Submit your App Review - Add permissions

An App Review Study Case - Submit your App Review - Add permissions

Select continue and complete the form filling the information required for both permissions:

  • Tell us how you're using this permission or feature: Detailed description from STEP 2 - API 7

  • Show us how you're using this permission or feature: upload the screencast

An App Review Study Case - Submit your App Review - Description and screencast

  • Demonstrate how your selected platforms will use this permission or feature: select "Web: on" and complete with the Step-by-step instructions from STEP 3.

An App Review Study Case - Submit your App Review - Step-by-step

Go to Provide verification details and complete with test user credentials for your website and for Facebook account.

An App Review Study Case - Submit your App Review - App Review / manage_pages

Apps created before 2020-05-05 - API 6 or lower

Go to Add additional permissions and features and request the permissions "publish_pages" and "manage_pages".

An App Review Study Case - Submit your App Review - Add permissions

An App Review Study Case - Submit your App Review - Add permissions

Select continue and complete the form filling the information required for both permissions:

  • Tell us how you're using this permission or feature: Detailed description from STEP 2 - API 6 or lower

  • Show us how you're using this permission or feature: upload the screencast

  • Demonstrate how your selected platforms will use this permission or feature: select "Web: on" and complete with the Step-by-step instructions from STEP 3.

Go to Provide verification details and complete with test user credentials for your website and for Facebook account.

An App Review Study Case - Submit your App Review - App Review / manage_pages

Submit the app for review.

A few more tips:

  • To minimize the risk of getting rejected, ensure you have a valid use case. We encourage you to provide high quality instructions for us to reproduce the experience, as well as a screencast that clearly demonstrates the end-to-end experience. If your app is server-to-server and has no user interface, refer to our Server-to-Server Apps document for App Review instructions. - https://developers.facebook.com/blog/post/2018/07/02/app-review-deadlines-approaching/
  • FAQ: Server-to-Server Apps. If your app has no user interface because it exchanges data directly with our APIs, refer to this guide when configuring your app's Basic Settings, and when completing App Review. - https://developers.facebook.com/docs/apps/review/server-to-server-apps

# STEP 6: Business Verification

If Facebook requires a Business Verification, the following information must be provided to complete the process:

Business Verification - Step 1

Business Verification - Step 2

As part of the Business Verification process, an agreement with Supplemental Terms must be signed:

Business Verification - Step 3

Business Verification - Step 4

Business Verification - Step 5

# STEP 7: The review has been completed

Once the previous steps are completed, the final confirmation email will have a link to the result of the App Review:

Facebook App Review Approved Items

  • UPDATE 2018-07-27: At this time, the Apps Reviews are taking on average 1 week.
  • UPDATE 2020-05-05: Apps created after 2020-05-05 must request these permissions pages_manage_posts and pages_read_engagement.

At this point, you can switch the App to Live Mode, and create and authorize the channel.

# Concerning to Facebook Groups channels

WARNING

Facebook Groups have been in the middle of the Facebook–Cambridge Analytica data scandal. As a consequence, Facebook Groups Permissions are restricted, and more scrutiny is expected in the App Review. Additionally, the recent Facebook API updates have not updated any aspect of the API related to Groups, and the documentation shows inconsistencies; so, it is possible that Facebook in the future will close the Groups API.

From the technical point, the process to request the Groups Permissions (publish_to_groups,groups_access_member_info) is the same than the Pages permissions. Please, enable the Include Groups setting and proceed with the rest of the steps as shown in the previous procedure.

Facebook - Include Groups

Due to the recent group permissions changes, Joocial/AutoTweet v8.22.1 or superior is required.