From preprint of research paper:  "Our deployment of CanaryTrap to monitor 1,024 Facebook apps has uncovered multiple cases of misuse of data shared with third-party apps on Facebook including ransomware, spam, and targeted advertising." [Farooqi et al.]

As covered by VentureBeat:

"In light of their findings, the researchers argue Facebook should mandate that developers implement data deletion request callback into their apps, which would be a user-friendly mechanism for requesting deletion that could help the network audit compliance. 'Third-party apps on online social networks with access to users’ personal information pose a serious privacy threat,' they said."

and ZDNet.