Report: Facebook security flaw endangers iOS and Android users

Facebook users who access the app via Google's (NASDAQ:GOOG) Android and Apple's (NASDAQ:AAPL) iOS platforms may be subject to a security flaw that would allow unauthorized parties to access unsecured personal information.

U.K.-based mobile app developer Gareth Wright discovered the issue while looking through application directories on his phone. From there, Wright was able to access any information available on his Facebook account. A potential hacker, he explains on his blog, would simply need to access a user's plist, which is a text file that stores a user's information and settings.

The hacker could then copy that plist to his or her own device and be able to access the user's Facebook account whenever the user logged in, even on another device. The hacker could also use the plist to log in to other apps or websites that allow users to log in via Facebook.

Wright tested this theory by sending his plist to a friend and watching as unauthorized content quickly appeared on his wall. In all, Wright said he discovered five main security flaws backing his assertion.

At the time of publishing, Facebook had not responded to a request for comment. Wright said the company is aware of the security threat and is working to fix the problem.

This news follows the brouhaha with Path in February. Path came under fire for uploading its users' contact information and address books to its server as a plist. The company later issued a patch to fix this issue.

For more:
- see this ZDNet article
- see Gareth Wright's blog
