Facebook is a significant platform on which third-party developers run applications they have written in order to provide users with extra functionality and services. Third-party applications (TPAs) access users' profiles and exchange their information. Doing so may lead to information leakage and privacy risks. Although Facebook has control over third-party applications, its existing mechanisms still lack control. The aim of this paper is to investigate how to hinder TPAs from accessing users' private information while still sustaining the functionality of the applications. To address privacy and functionality simultaneously, this study suggests a classification framework that provides a mechanism for controlling TPAs' access to the users' data residing on Facebook. The improved framework allows TPAs to utilize some of users' data according to their classification authority, in order to mitigate leakage of users' information.