Has your Facebook Android app been acting strangle lately? User reports indicate that the app has been users for superuser (root) permissions which grant Facebook full access to users’ devices. The superuser prompt says “Grants full access to your device” and not surprisingly, users started panicking over the unexpected and unnecessary root prompt. Several discussions were initiated on Reddit where users shared their experience and contempt.
It appears that the pop-ups come from the official Facebook app for Android and started showing up last night in UTC time. However, this is not the first time the app has acted this way, as indicated by various Reddit posts with different dates.
Facebook Asking for Superuser Access. So, What Is Going on?
According to multiple users, the first batch of superuser requests was triggered by the update of Facebook Android app 18.104.22.168.93. The latest complaints were likely triggered by v22.214.171.124.93, based on the experiences shared over the internet.
Security researchers believe that that the superuser prompts are a result of coding error. Avast mobile security researcher Nikolaos Chrysaidos investigated a bit and believes believes the issue stems from an SDK embedded in the Facebook app. More specifically, he believes that the prompts are triggered by WhiteOps SDK, a software development kit for detecting ad fraud and implementing domain white/black-lists.
“Along with other various checks. Facebook is probably integrating WhiteOps SDK, and they forgot to re-implement the ROOT checking functionality,” the researcher said.
Facebook Makes Mistake after Mistake
Nevertheless, this is the worst time for Facebook to make such a big mistake, with the Cambridge Analytica scandal, the forthcoming GDPR, and the overall increasing privacy concerns of individual users.
Mentioning (Read more...)
*** This is a Security Bloggers Network syndicated blog from How to, Technology and PC Security Forum authored by Milena Dimitrova. Read the original post at: https://sensorstechforum.com/facebook-android-app-asks-superuser-access/