how to prevent facebook authentication popup from saying I will receive user's friends list

Question

Facebook says to my users, during the app authentication popup, that I (my app) will receive the user's friends list

[My app] will receive the following info: your public profile, friend list, email address and birthday.

even though my login button is only:

<fb:login-button scope="email,user_birthday">

The documentation says

A user access token with user_friends permission is required to view the current person's friends.

but I didn't ask for user_friends. How do I prevent it from saying "friend list" so as not to scare away my users?

Answer 1

The user_friends permission is part of the "Basic Permissions" or "Basic Info" - i.e. those permissions which are included by default when a user connects to your application.

From the FB docs on this:

Basic info is part of every request for permissions. It includes several elements from a person's public profile and a list of their friends.

A user's friends can individually control if they want their information available to the applications of friends by adjusting their own privacy settings.

Since this is the default behaviour, I think that if your users are accustomed to using Facebook applications then they will not be scared away by this - if they have installed an application before then they will have seen this before.

Unfortunately, at the moment you cannot prevent it from saying friend list.