We’ve been working a ton over the past several months.
In the process of preparing for the release of an update packing a few awesome new features, we ended up discovering something pretty alarming.
It comes down to this: we’ve stumbled upon a way where pretty much anyone with a little bit of technical know-how could make it impossible for you to revoke an app’s permission to access your information.
In that event, if you tried to do so, you’d be faced with a screen that looks like this:
So what’s the big deal about this, exactly? Don’t get us wrong: we’re kinda proud of ourselves for finding a quirk in Facebook’s code, but that’s not actually why we care so much. The problem with this is that it’s actually a worldwide vulnerability.
Think about it like this: you download an app that promises to do one thing, but actually comes from a hacker who wants to seriously invade your privacy by mining your data. Given the right coding, this developer could trigger the same effect, basically making it impossible for a user to disconnect this malware app and revoke its permission to access your personal information.
Considering that nearly half of Facebook’s users now access Facebook almost exclusively from their mobile phone, that’s a big deal — it’s potentially putting at risk a large group of people who won’t ever go to the desktop site to remove a data leaching app.
We’ve reached out to Facebook and they’re taking care of this promptly.