Element in Facebook SDK gives thousands of apps more information than needed

The folks over at XDA have made another important discovery in the world of mobile technology: a major flaw in the Facebook SDK (basically the building-block code that allows apps to communicate with your Facebook account). The problem arises when the SDK is used in mobile apps (say, a mobile game that lets you connect it to your Facebook account and share your score on your wall): it releases an important token, which basically exposes your account every time that particular app wants to connect to it. To simplify: when connecting a third-party service to your Facebook account, you usually get a warning stating which parts of your account will be accessible, and it’s a limited portion of your account. The token problem is that it exposes much more of your account than needed.

The team over at Facebook investigated and fixed the error, but there’s still a huge problem: any app that is still using the old SDK still has this flaw, while any app that is using the updated version of the Facebook SDK should be in the clear. This means that thousands of apps have to be updated by their developers, which is no easy task.

For those of you on Android, there is a way to find out if you’re a victim of this flaw (and it is easy to become one if you allow an affected app to connect to your Facebook account). Developer VictorVIEUX has released an app in Google Play, which you can find here; the app basically searches your phone for any app that exposes your token.

What if there is an app you love and it has the token problem? What can you do? For starters, uninstall it, notify the developer to fix the problem, and rescan your phone with VictorVIEUX’s app to see if the problem was fixed. Also tell your friends and spread awareness. Let’s face it, we all know at least one person who is obsessed with sharing too much of their life on Facebook.

Source: XDA-Developers
