Sla.ckers.org
Facebook Android App
Posted by: thrill
Date: December 17, 2011 06:12PM

Been meaning to write something up about this for a while but have been busy, you know, living life.

Most of you may be aware of their Android app, but what you might not be aware of is that it has a pretty big privacy issue.

The app never logs you (or the person who last used your phone to log in) out.

Example:

Have someone log into Facebook from your phone, and then promptly log out.

Go to a local strip club, take a picture of a 'dancer' with your phone and tell Android that you want to 'share it' on Facebook.

Profit!

The picture is uploaded without any authentication/authorization. It just uses the same credentials that were used previously to upload the image.

Safe, ain't it.

I haven't fiddled with the OS enough to figure out whether these credentials are kept in cleartext or not, but I doubt the geniuses and privacy advocates at FB would much care if it were.. no one can hack into a phone anyway.. right? ;)

--thrill

---

It is not the degrees you hold, but the mind you possess. - thrill

Re: Facebook Android App
Posted by: VMw4r3
Date: December 31, 2011 04:28AM

There's a similar issue with the FB app on the iPhone.

Occasionally my daughter would use my iPhone to log in to her FB, but when she logs out and I logged back in I was getting my FB mail and chat but the home page (status updates) was still logged in as her. I haven't tried it in a few months since the old app layout.

Re: Facebook Android App
Posted by: thrill
Date: January 06, 2012 09:49PM

Well, on top of my old issue I just found a new one.. I deleted my account (or so I thought) a few months ago and had not logged back in.. it turns out though that when my gf uploaded a new picture using FB, it ended up downloading my old profile picture onto my phone.. if I deleted it a while ago, why does it still have my old profile picture? and worst of all, why is it automatically updating my contacts and replacing my picture with the one they had???

--thrill

---

It is not the degrees you hold, but the mind you possess. - thrill

Re: Facebook Android App
Posted by: thrill
Date: January 07, 2012 11:55AM

Just found out that the breach is even worse.

The picture that changed wasn't from my old profile picture, it is my gf's profile picture. The Android app also found it necessary to download all her contacts and their details to my phone. At first it had just downloaded the info, but as soon as you want to take a look at one of them, the app goes ahead and downloads their pictures as well.. without logging in.. nice..

--thrill

---

It is not the degrees you hold, but the mind you possess. - thrill
