Pullling the data that your app needed for its stated functionality, exclusively for use within your app, was “fair game”. Pulling anything beyond that, and/or using it outside your app, was absolutely not allowed, ever, on the platform, even at the very beginning in 2007. Allowing it to be analyzed for targeting was never allowed, nor was it the point of the platform. You’re simply wrong.

How do I know this? I developed apps on the platform from 2007-2014 and was always reading the rules and any changes they issued because I didn’t want to violate them and have my app banned. They were exceedingly clear on this issue. Sadly, Obama’s app was allowed to violate these rules and received no ban.

I'd have to dig through the TOS again to confirm my memory on some of this stuff. You definitely could create a custom audience and target your fb app users based on UID.

Unless I'm reading this interface totally wrong

http://www.jonloomer.com/wp-content/uploads/2014/09/create-f...

You used to be able to target ads based on user ID. That option was closed off a few years ago - I was actually awarded a $2,000 Facebook Bug Bounty for spotting a vulnerability that allowed that option even after they shut it off.

But regardless, it was still a developer TOS violation to export user IDs of people that hadn’t personally authorized your app and use those IDs in any custom audience even back when Obama did it. In other words, you weren’t supposed to grab user IDs of friends of your users and use those in custom audiences. In fact at one point, in an attempt to enforce this policy, Facebook stopped returning friend user IDs, and instead gave proxy user IDs that were meaningful only within the API, but couldn’t be used for custom audience targeting. Then they got rid of the target by ID option altogether.