Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Share Post: Reddit Facebook
The Facebook Android App Is Asking for Superuser Privileges and Users Are Freaking Ou
#1
[Image: Facebook-su.jpg]


Quote:The Facebook Android app is asking for superuser permissions, and a bunch of users are freaking out about granting the Facebook app full access to their device, an understandable reaction following the fallout from the Cambridge Analytica privacy scandal.

"Grants full access to your device," read the prompts while asking users for superuser permissions.

Prompts originate from the official Facebook app
These popups originate from the official Facebook Android app (com.facebook.katana)" and are started appearing last night [UTC timezone], continuing throughout the day.

Panicked users took to social media, Reddit, and Android-themed forums to share screengrabs of these suspicious popups and ask for advise or what's going on


This is not the first time that the Facebook app has requested superuser permissions. Facebook users reported similar superuser request prompts on May 8, albeit that event wasn't as widespread as the one today.

Users reported seeing the first wave of superuser request dialogs with the Facebook Android app 172.0.0.12.93, while today's second wave appears to have been triggered with v172.0.0.66.93, based on user reports.

Bleeping Computer has reached out to a Facebook spokesperson to clarify why users are seeing these popups today, but we have not received a reply before this article's publication.

Most likely a coding error
Several Android security researchers who spoke with Bleeping Computer suspect the popups are appearing because of a coding error.

Avast mobile security researcher Nikolaos Chrysaidos has taken a look at the Facebook app's source code and believes the offending party is an SDK (software development kit) embedded in the Facebook app.

The package that appears to be triggering the superuser popup is the WhiteOps SDK, a software development kit for detecting ad fraud and implementing domain white/black-lists.

"Yes, it could be a coding error. Most possible yes," Chrysaidos told Bleeping Computer in a private conversation today. "The dialog started popping up on users that are in the beta channel."

"Along with other various checks. Facebook is probably integrating WhiteOps SDK, and they forgot to re-implement the ROOT checking functionality," Chrysaidos says.

If there was a time for Facebook developers to screw up their code, this is about the worst time to do so. With all the privacy implications of the Cambridge Analytica scandal, users are now piling up new paranoid accusations with every new angry tweet and forum reply, blaming the social network of new nefarious spying attempts.

SOURCE
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  Facebook makes key Instagram security tool Pysa available to users dhruv2193 1 1,719 11-25-2023 , 09:16 AM
Last Post: Patrick77
  Over 10 Million Facebook Users Hacked in Ongoing Phishing Scam mrtrout 2 1,009 05-29-2023 , 03:41 PM
Last Post: Kai Brooks
  Android malware infected 300,000 devices to steal Facebook accounts tarekma7 0 465 12-05-2022 , 04:04 PM
Last Post: tarekma7
  Android apps exposed data of millions of users through cloud authentication failure mrtrout 0 1,068 05-21-2021 , 12:58 AM
Last Post: mrtrout
  533 million Facebook users' phone numbers and personal data have been leaked online SALAMA Youssef 0 1,342 04-04-2021 , 09:47 PM
Last Post: SALAMA Youssef

Forum Jump:


Users browsing this thread: 1 Guest(s)