The company announced the news Friday as a progress report on its efforts that began in March 2018 as a response to the 2016 scandal involving Cambridge Analytica, the analytics firm that harvested up to 87 million user accounts. After reviewing “million of apps” and suspending thousands, Facebook also has completely banned “a few” others for inappropriately sharing data, making data publicly available without protecting users’ identities, or violating Facebook’s other policies. 

The company did not clarify whether any user data was compromised, only saying that its investigation is “by no means finished.”

“We have not confirmed other instances of misuse to date other than those we have already notified the public about, but our investigation is not yet complete,” reads a blog post by Ime Archibong, vice president of product partnerships. “We have been in touch with regulators and policymakers on these issues.”

The update comes as Facebook tries to improve its privacy practices, a problem the company has struggled with for several years. Following the Cambridge Analytica scandal, Facebook suffered a security breach that exposed the accounts of 50 million users in 2018, and a leak that included the phone numbers of more than 400 million users this year. The company was hit with a record $5 billion fine from the Federal Trade Commission in July for how it managed user data. 

On Friday, Facebook said that as a part of the agreement with the FTC, developers will have to annually certify compliance with the social network’s privacy policies. Developers that don’t follow the rules “will be held accountable,” according to the blog post.

The apps that have already been suspended were associated with 400 developers, the company said. And they didn’t necessarily pose a threat, since many were still testing and never went live.  

Facebook said the ongoing review is of all apps that had access to large amounts of information before the social media company updated its policies in 2014. The investigation initially identified apps based on how much data they could access, but has since expanded to cover apps based on traces of policy abuse. In cases where there has been possible policy abuse, Facebook conducts a “more intensive examination” that includes a background investigation of the developer and a technical analysis of the app’s activity. 

One of the apps that was banned was called myPersonality, which shared information with third parties and had “only limited protections in place,” according to Facebook. The app developer then refused Facebook’s request for an audit. 

As part of this review, Facebook also filed several legal actions against companies including Rankwave, a South Korean data analytics company that didn’t cooperate with the investigation. Facebook also went after LionMobi and JedMobi, companies whose apps infected users’ phones with malware in a “profit-generating scheme,” the company said. 

Meanwhile, Facebook said it has also removed a number of channels developers use to access data, expanded its investigation and enforcement teams, created sticker data access rules for developers, and cracked down on policy violators. 

More must-read stories from Fortune:

—The cheapest mobile plans for your iPhone 11

—The second episode of the Bill Gates Netflix documentary is the one to watch
—‘Security’ cameras are dry powder for hackers. Here’s why
—You can now pay cash when shopping on Amazon. Here’s how
—‘Call of Duty: Mobile’ launching Oct. 1
Catch up with Data Sheet, Fortune’s daily digest on the business of tech.