Whenever you authenticate an app in Facebook that can post to your feed, there is a drop down that lets you choose who can see your activity with the app. I always choose "just me" because of actions of apps like this. It's become the norm not the exception to auto share.
Facebook should add a clause to their ToS saying apps must actively ask for permission before posting. Twitter has done this and while there are a few bad smaller players, on the whole you don't see most apps using these spammy techniques.
Facebook should add a clause to their ToS saying apps must actively ask for permission before posting. Twitter has done this and while there are a few bad smaller players, on the whole you don't see most apps using these spammy techniques.