Facebook’s Mobile App Can Put You at Risk

We use the apps on our smartphones without any thought as to how it could negatively affect us. As long as our smartphones remain in our possession, we’re not at risk of having information stolen, right?


Recently, a security flaw has been found in Facebook’s mobile apps. The app for Android and iOS devices does not encrypt a user’s login information. Because of this, thieves can easily access the apps if they’re in search of personal information about you.

All a thief has to do is hook your phone up to a USB cord for less than two minutes, and they will have your information pulled like that. If you leave your phone at your desk or in your purse on the floor of a restaurant, someone can easily snatch it, take your information, and put the phone back without you even noticing.

But it gets worse

This flaw was discovered by Gareth Wright, a UK-based app developer. Wright claims that he was playing around with application directories in his phone with a free tool. During this time, he found a Facebook access token inside a game.

He then used the code from the token and was shocked to see all of his Facebook information appear. Wall posts, private messages, liked websites—all of this information was pulled from the directory of another game.

Wright then went straight to Facebook’s app and looked around its directory. Every app contains a plist, which is a plain text file that has the user’s settings. Inside the Facebook app’s plist was an unencrypted key, and this key gave whoever had access to the directory a view of his full Facebook account.

Wright informed Facebook about his findings, and they are currently working on fixing it, but this may not be enough. Even if Facebook does something about their own app, a user’s information can still be pulled through game plists that contain plain text tokens.

These tokens are used by games so that they can create advertisements aimed directly at you, but if this information falls into the wrong hands, you could be at risk.

So many people put so much personal information on Facebook that it can be easy for someone to steal their identity from the information they gather. They will know names, addresses, where you went to school, where you work, names of family members and friends as well as other personal info. Basically anything that you have on Facebook or any action you have ever taken on Facebook (liking websites, etc.) can fall in the hands of a stranger.

Though Facebook claims to be working on a fix, we won’t know for sure until they announce it. Either way, their fix will only fix a Facebook issue, not the tokens assigned by other games. If you want to be safe, you should consider watching the information you post on Facebook. It could save you from having your identity stolen.


Charlie Adams is a social media expert and technological whizz who enjoys spreading his electronics knowledge with the world. To reward himself for working hard he recently indulged in a Bahamas vacation package and plans on enjoying his first experience with an island resort.

Image Credit:  Mehfuz Hossainelhombredenegro

2 Responses

  1. Shazbhatt says:

    I noticed something similar too when my FB app logged me out and I couldn’t remember my password – clicking on help took me to a screen (with Help options) which had the button for viewing the news feed part of FB – I clicked on this and it let me back into my FB account without logging in…! worrying.

  1. April 13, 2012

    […] information about you. Facebook claims to be working on a fix. Learn more about the flaw at DreamGrow, in an article by Charlie […]

Leave a Reply

Your email address will not be published. Required fields are marked *

Turn content into leads & sales!

Sign up and get the latest information

Sign up for free updates!