For those of you with software development backgrounds, you can learn about the Graph API, which is the application programming interface into the Facebook spying database. Apps can use this to gain much information – for apps created prior to 2012 and in operation as late as October 2017, these tools could lift far more data than today, including from those on your “friends” l ist.

More detail about the various operations you can perform with the Graph API

Source: Using the Graph API
Exactly what data is now available depends also on the privacy settings of each user. Traditionally, default Facebook settings were for minimal privacy – hence, apps could get access to most everything.
Facebook also provides a “Public Feed API“. This enables apps to collect all status updates that are published with a “Public” anti-privacy setting. If a user later changes a post privacy setting from Public to a more private setting, third party apps are supposed to go back and honor that change within 24 hours. But this is not enforced.
I am absolutely sickened by what I have learned that Facebook and their partners were and still are doing to all of us – and straight up lying to us about what they were doing.