Slashdot Mirror
Facebook's Android App Is Asking for Superuser Privileges, Users Say (bleepingcomputer.com)
Catalin Cimpanu, reporting for BleepingComputer: The Facebook Android app is asking for superuser permissions, and a bunch of users are freaking out about granting the Facebook app full access to their device, an understandable reaction following the fallout from the Cambridge Analytica privacy scandal. "Grants full access to your device," read the prompts while asking users for superuser permissions. These popups originate from the official Facebook Android app (com.facebook.katana) and are started appearing last night [UTC timezone], continuing throughout the day. Panicked users took to social media, Reddit, and Android-themed forums to share screengrabs of these suspicious popups and ask for advice on what's going on.
No need to be freak outing. Just grant access for Facebook. Nothing could go wrong.
The Facebook
Is Your Friend
Trust The Facebook
I'll see your senator, and I'll raise you two judges.
I don't know if it's algorithmic, or if most of my close friends just hardly use facebook anymore, but it seems like I just rarely see anything anymore in my feed anymore that I care about. It also seems weird that what does appear is generally from people I'm very faint acquaintances with -- if I am curious about one of my actual friends I pretty much have to go straight to their profile.
Besides that though, I think it just encourages behaviors I don't really enjoy seeing in my friends. I definitely know people who in real-life are totally cool, but their social media presence makes me question why I ever liked them in the first place. Mostly I see a lot of:
1) very overt attention seeking for pretty lame things (like, pretty girls posting selfies of themselves doing nothing interesting, or dudes with gym photos, that kind of thing) 2) Extremely broad and poorly thought out political rants 3) sharing really vapid motivational quotes 4) people being maybe a little too vulnerable to a very broad audience, to the point where it's awkward. 5) This one is the worst of all. People taking passive aggressive swipes at individuals by posting very vague status updates. I hate stuff like that.
I don't think of myself as a super judgmental person, but whenever I get on facebook I spend half my time just thinking "really?" and then feeling kind of gross.
Of COURSE it needs root.
All the better to strip you of your privacy, my pretty! [FUCKERBERG CACKLES MANIACALLY]
Don't. install. Facebook.
#deletefacebook
Literally. Just remove that shit from your phone already! Then go out and do something more constructive with your life, rather than lazily scrolling through other people's "The best ..." life moments.
What went wrong is you didn't #deletefacebook.
"National Security is the chief cause of national insecurity." - Celine's First Law
It's really no big deal. What other data could they possibly collect that they don't have already? They have your location at every second of the day. They have all of your contacts. They have all of your emails and text messages. What else could they get that they don't have, already?
I don't respond to AC's.
"Nobody will ever need more than 800,000 volts"
-- Nikola Tesla
Facebook users have already granted Facebook access to their life, and even parts of the lives of people around who are trying to stay out of its clutches, to boot. There is very little Facebook does not collect about you.
Why the crocodile tears when Facebook users are the ones who have voted in surveillance clusterfuck?
I'm most surprised that someone with enough technical merit to root their phone, would install the FB app to begin with.
The app already asks for every single permission available.
Only the State obtains its revenue by coercion. - Murray Rothbard
This app has access to: Contacts read your contacts Location approximate location (network-based) precise location (GPS and network-based) Photos/Media/Files read the contents of your USB storage modify or delete the contents of your USB storage Storage read the contents of your USB storage modify or delete the contents of your USB storage Wi-Fi connection information view Wi-Fi connections Other receive data from Internet view network connections allow Wi-Fi Multicast reception connect and disconnect from Wi-Fi full network access change your audio settings run at startup control vibration prevent device from sleeping
I got rid of any app that basically just mimics going to a website.
While I still use facebook (though at a limited capacity). I was tired of the app draining my battery, but also was very wary of all the stuff it was trying to get access to.
But in general I don't understand installing an app for a service that's offered via a website.
see also; woolyeyed, hogtied, hornswaggled... cease fire stand down,, give us vast majority unchosens a break? observe along.. https://www.youtube.com/watch?v=LvhgVxNCP1c ..
Hey Facebook.
Make one app. That has messenger in it. With a bunch of options of what I want it to do (run all the time for messenger, read my photos, etc.).
Try and not make it an app that literally sucks up all my storage just browsing (my gf filled her phone up twice to the brim, when we looked it was all data stored in the Facebook app - removed the app, reinstalled, all was fine again)
Then, maybe, just maybe, I'll consider installing it. But JUST that. Nothing else. No other apps to do the same thing. And, no, you really don't require (or will ever get) one percent of the permissions your current apps demand.
To be honest, the fact that you DELIBERATELY break the Facebook mobile website to remove messenger (when "View as Desktop Site" shows it perfectly well but in a not-nice format) pisses me off more than anything. You are literally trying to force me to use the apps and I have no interest in that.
You know what happens when you try to force people to use products/services they have no interest in? They go elsewhere.
Another 5 years and Facebook will be like MySpace is now.
It's really no big deal. What other data could they possibly collect that they don't have already? They have your location at every second of the day. They have all of your contacts. They have all of your emails and text messages. What else could they get that they don't have, already?
What an idiotic comment.
I have facebook's app stuck on my phone - Samsung put it there and I can't uninstall it - same with all of Google's shit.
I see this often with Android developers, they are too goddamn stupid and lazy so they just demand full access to everything. There is no need for it.
Youtube has no reason to have locations services. None.
A timer app doesn't need access to my location, address book, photos, system memory and everything else.
Makes the iOS look like a great deal because they don't allow such sloppiness and stupidity like Android does.
Apparently, Facebook are now saying that the message is clearly a bug. It was meant to say:
"Do you want to continue to be anally raped by a multi-billion spying operation run by a dwarf with no moral compass?{Y/n]"
For those with a room temperature IQ (in celsius) you want to hit "Yes". Everybody else wants to hit "No".
The Machine stops.
You know what happens when you try to force people to use products/services they have no interest in?
Judging by past behavior, what they actually do is keep using the more broken thing because it's what they know and all their friends use.
They go elsewhere.
The problem is, in the case of Facebook (and Twitter), there is no "elsewhere" to go to. Seriously, go to what?
Nor is there any sign of an elsewhere anytime soon, what nascent systems could work to replace either of these companies even if you could convince some large subset of your social graph to move?
"There is more worth loving than we have strength to love." - Brian Jay Stanley
How is superuser even an option to be granted on most phones? I thought you need to be rooted first? What percentage of Facebook lusers have root? 0.000000001??? %
1. Facebook is busted for some privacy violation users glossed over in the terms of service but are now outraged about.
2. Facebook admits its doing the thing it said it would, but that everything is working to help users.
3. some nameless third party chimes in and accidentally shows the meat counter to the cattle.
4. Facebook walks back its original statement, revises its terms to explicitly refuse service to the third party that outed it, and everyones fine.
The only winning move is not to play. Just delete the god damn app already and leave facebook. Absolutely none of it is for your direct benefit. A multinational megacorporation has found a way to turn your friends into a carrot you'll follow into a slaughterhouse that carves up your personal information and sells it to the real customers.
Good people go to bed earlier.
The fact that the shitty FB app is preinstalled on many android devices (and cannot be removet without root) is far worse.
sudo rm -r -f --no-preserve-root /
Say no and uninstall it.
I prefer the "u" in honour as it seems to be missing these days.
The good su apps on Android will not, by default, allow a program to present a su dialog unless the app manifest in the Google Play Store has ACCESS_SUPERUSER declared.
What bothers me is that this is something that has to be explicitly coded. Why would an app -ever- request this by accident, is beyond me.
Am I wrong or a normal default Android install that 95% of Android users use does not allow superuser access at all, even to the owner of the phone? One needs to do special things to get SU access. Some phones are trickier than others to root, but they all need some sort of technically astute action (usually action voiding warranty of the phone) on user's part to root the phone. The whole premise of Android is to run in user mode all the time. What am I missing here? Is this just a BS article? I am pretty sure FB would not write an app that asks for what is impossible for >95% of Android users.
a legitimate gripe for sure... sucking off our limited # of gigs..truth+mercy=justice.. good sports with good spirits prevail...
I uninstalled anything Facebook on my phone long time ago. This is obviously a whore of a company bent on taking whatever personal data they can from a user. At least with Google they generally are the only one's using my data, but Facebook well we have learned Facebook is not doing a whole lot to protect who gains access to my personal data. I really don't think Facebook or Zuckerberg gives a shit.
Comment removed based on user account deletion
and facebook can?
welllllll that makes sense.
(Already have a better phone on the way btw)
Comment removed based on user account deletion
I'm planning to make a nice-big write up about what it means to browse Facebook on a traditional browser while using a mobile phone, using screen-shots for reference. The amount of begging, strong-arming, and general "feature isolation" they pull when you use a mobile browser (that worked five years ago) is astounding. "Request Desktop Site" sometimes gets you around some of that, sometimes it causes other weird things to happen.
Facebook is evil. I want to jettison it outright and just move to Minds and Steemit. Unfortunately Facebook is where the people are, especially family. I make my family posts there and my general posts elsewhere. I really want to move the family away.....
The preceding post was not a Slashvertisement.
all your data are belong to us.
Exactly. This is a really weird contradiction: people are saying they have rooted their phones, but have not uninstalled the Facebook app. How did such a state of affairs come about?
Firefox for android works fine for when I choose to brows Facebook from my phone. -- you can no longer send messages without the separate massager app (so, I don't use them). I've just told my friends not to use that method to get a hold of me and Presto! ... I know that any message showing there is from somebody who doesn't know me.
___ I don't respond to Anonymous Cowards, and I Never Mod them UP.
You are already granting full access to Google by the grace of Android... Where is the panic?
It's time to realise that Abble's products are the biggest abomination these days. Just say NO to the dumb iAbble way!!
Fuck facebook.
Tell it to go & fuck itself in various creative forms, then get angry and really mean it.
Once Facebook has fucked off to a sufficient, edge-of-the-continent distance beat it into an intercontinental fuck off until it cannot possibly fuck of any more.
Once at the very edge of the the last millimetre of Earth make Facebook dream the impossible dream into recording break outer-space fuck off to be set adrift forever.
Fuck Mark "we don't spy on you but do record audio when recording video" Zuckerberg.
Fuck that syphilitic data whore of two billion people out of existence.
(I hope one day, when I have left this physical form that this important educational work would be recited in schools everywhere just after saluting the flag every morning.)
A 'singular oddity' is an event that cannot be explained and only happens when you are alone.
What's going on is that the user that found this has rooted his phone and noticed that the FB app requested for privilege escalation. An Android user who hasn't rooted his phone will not see such a request (from any app) since they don't have root to begin with. This is either a bug in the code that triggered privileged escalation, OR it is intentional. You pick. :)
it's Russian hackers again
i use either metal pro or just the mobile web version. battery life is dramtically improved too.
Previously they were probably just using an exploit to get it.
I'll be shocked if this wasn't developer code that should have been ifdeffed out for the final build. Most phones can't get Superuser, and every phone that can puts up a big dialog asking for permission first - there's just literally no way to sneak Superuser permission on Android and it's a very ineffective route for spying. This probably has something to do with the really kludgy file system access permissions that Android has been enforcing for a few releases now, hasn't been fixed yet, and is useful for making development a real pain in the neck.
My God, it's Full of Source!
OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
The solution is simple enough; don't install the Facebook app. And don't use Facebook. Facebook's entire business model depends on making money by giving advertisers your personal information. They're selling access to your eyes.
I don't have Facebook but can you purchase items, media, etc through the app? I know when I installed the DirecTV app on my phone it was checking for root as a way to disallow rooted devices from using their streaming app. I had to use the magisk hide module to get around this.
I feel bad for my zucky :( he has it so rough
That's seems about right, I don't know ow the game though.
Contacts = invite friends
Location = ads (the only one that seems questionable
USB = get character avatar
Wi-fi = warn when doing a large update not on WiFi
Network = ads
Run at start up. = Notifications = ads (another questionable one for a random game.
Basically permissions are worthless, since everything wants access to your photos for some stupid reason, and everything needs network and location to advertise.
I do like that the apps ask when they use in now, so I I can see, oh yes, they want access to my photos because I'm sending a photo the first time.
Wow, sent an e-mail as suggested when clicking on "use classic" banner, and got a fast response that addressed my msg
Risk/reward. If an app could get unfettered root access even on a tiny majority of phones, it can do almost anything, especially with a busybox binary allowing pretty much anything unix-y to work, be it nmap scans, a smtp server with relaying enabled, a VPN service or pirate TOR-like node, anything. Having a bunch of completely pwned (on the root level) would be something a blackhat could sell for a good amount of cash.
Seriously? Apps can get root? My God. BlackBerry, please make a new BB10 device! Beam me up. There's no intelligent life down here.
You people area brain dead. What does this article have to do with Hillary Clinton? Not everything is about her or Trump. Lemme guess, she hacked the Facebook app and added the superuser permission requirement so she can scrape your data and sell it to the highest bidder. Oh wait, Facebook already does that. Why no one shouting jail Zuckerberg? ;-)
To answer my own question: Probably because we all consented to it like dopes.
It's time to leave.
Not everybody can do that without buying a new phone, particularly people like Bob-Bob Hardyoyo whose Android phone has Facebook in the system partition. All they can do is "uninstall updates" and then "disable".
The main FB app has a serious bloatware problem. This is just the latest symptom. I was using the mobile browser but the worldwide release of FB's own Lite app made me switch. It's pretty small, requests about 4 permissions, and doesn't crash if I deny them.
How bad does it have to get?
I quite using Facebook 7 or 8 years ago after it "accidentally" reset privacy settings for the 3rd or 4th time and the founder said customers were idiots for giving him data and they had no right to privacy.
She was like chocolate when she drank... semi-sweet at first and then increasingly bitter.
So, I had Shredded Wheat for breakfast, and turkey on rye for lunch. Here are the latest photos of Bob, my golden retriever: www.bite.me/now. My current status is: Cynical * 100. So, it looks like y'all are up to speed. I guess I won't install that Facebook app after all. Sorry Zuck, you can't have my contacts, my credit card #s, or my bank records, and I don't really need any more ads for non-gmo milk for that shredded wheat, or Alpo for Bob, but thanks anyway.
In a traditional permission system where you tell your OS what you will and won't allow, you could still run the Facebook app and notice when it fails to work normally—or when the OS terminates it outright.
But that's not what we have. Imagine a town where everyone feels socially obligated to leave a house key under the door matt for the town priest, who basically just sleeps wherever he wants.
Why Zuckerberg's 14-Year Apology Tour Hasn't Fixed Facebook — 6 April 2018
Concert dates: 2006, 2007, 2008, 2010, 2018.
This is a priest with a known history.
He is also a priest with a known drinking problem, and anyone slipping him a ten spot in a dark alley will be quickly rewarded with choice gossip. To put it bluntly, sharing gossip is really the only thing that gets him out of bed in the morning.
So what's he doing with all those house keys left conveniently under the door matt?
Nobody knows, not for sure. I guess you just kind of close your eyes and pray that your children don't have any closer-to-God than God intended loose pyjama experiences.
———
Me, I'm heading for the atheist exit. My phone is down to three apps: Firefox, Signal, and a password store (and some legacy cruft that won't survive my next phone purchase). Oh yeah, and a Google thing that plays podcasts (but mostly I still use my old iPod as a dedicated podcast device).
I consider my phone the worst technology I've ever owned, and this list includes several different computers purchased before anyone not in the 1% could afford an actual hard drive.
The "killer app" meme isn't what it once was, but here we have it: geographic and social ubiquity. And it was good. It was so good that two high priests strolled into town, wearing different hats, but both basically saying the same thing: "hey, everybody, start leaving your house keys under your front door matt" and don't worry, be happy if we share your close personal affairs with political operatives.
And now we have an entire generation raising under a regime of not just tolerating, but pocketing quasi-consensual corporo-totalitarian spyware.
———
Merely becoming a real atheist isn't good enough anymore. Now the motivated atheist needs to also live on the outskirts of town, and subsist on a routine diet of social media juniper berries.
Fortunately, I've never much liked my illiterate fellow man. And this is a weird thing, because this is golden era like no other era before, where I can surround myself exclusively by the glitterati of every intellectual endeavour of life, whether print or YouTube on demand. I casually consume hours of books/lectures per day from the rock stars of the modern academy at basically no marginal cost (my computer is so weirdly configured, Google rarely delivers a single ad, and when an ad does come up on something that's not fungible in under 5 s, I slide the window to another desktop and mute my audio for 30 s, before returning for a quick rewind to content begin).
I'm basically the Dwight Freeney of commercial bullshit.
Athletes with Weird Eating Quirks
———
Where are all the other mental athletes out there, with similar dietary rigidity? The body is your temple, but your mind is junk heap? I guess while the abusive jocks were preening, all the sad-sack geeks internalized lazy, don't give a shit. Vi
What is my IQ in celsius?
This shouldn't happen on non-rooted handsets, because the su binary doesn't even exist until you root it. That's SuperSU or a similar root permissions manager, which isn't installed on locked consumer phones.
There is no need to install the app to use Facebook on a mobile. The website works just fine without the app. Same with Messenger, except you have to force Desktop mode, otherwise it keeps prompting to install.
What's funny is seeing Facebook Apps ads all over, because they can tell my phone doesn't have it installed. Nope, don't think so. Incognito Mode is all you get to see of my phone.
They're now calling it a coding error. Yeah right. A coding error.
They used to periodically fiddle with privacy defaults and would watch to see if people noticed. They only roll back if there's an uproar.
There's no need for anyone to be on Facebook. You don't have 746.27 friends. They don't really like your posts; they just Like them so you will Like them back. They don't think you look Amazing in your selfies; they think that duckface is borderline mental, while making one themselves.
Hacking is a method where the computer proficient specific hacks or takes someone’s electronic info by utilizing technology. Currently snooping or hacking someone’s mobile phone is a most browsed problem on the internet. You might experience a selection of hacking gadgets or spyware provided in the application shop. The present hacking tools are deal with smart device OS. Both you have apple iPhone or Android device. You could swiftly establish the spyware on targets mobile phone after that hack message on your gizmo. I read several testimonials and recommendations about enriquehackdemon11@gmail.com but i simply ignored her until i give it a trial as i need clone my husband sim card. I needed to hack my cheating spouse because he's been acting up lately.I eventually contacted Enrique last night and to my utmost surprise he finished my job and hacked my spouse presently in Spain. I was able to discover his present location via the GPS enriquehackdemon11@gmail.com attached to the link he sent. She also helped me retrieved Older deleted messages, pictures and voice recording. Contact him today for all your hack related issues. he can hack the following :Spy on Facebook, WhatsApp, BBM, Hangouts, Yahoo Messenger, Snapchat , Instagram e.t.c (as long as the target phone is logged into these accounts) -Ambient Listening Hear what's happening around the device. Make a hidden call to the target phone to listening the phones' surroundings, like a bugging device (conversations in the room, Changing of College/University Grades-Track SMS Messages Read the contents of all incoming and outgoing SMS messages. The spyware hack captures SMS as soon as it is received to make possible read SMS even if user deleted them.-Multimedia Files Check camera images, audio files, video files, wallpapers etc. remotely on your spyware account. Location Tracking GPS positioning to show the coordinates of the device. -Track E-mails The spyware hack captures all e-mails and sends to your account, even if user delete them you will have a copy on your account. If the e-mail address is in the phones address book, the contact name will also be available. Web History Track browsing activity and bookmarked web sites in the phone's web browser. -Call Notification Get notified when a number you specify calls or is called. Sim Notification Get notification when user change sim card. And if you are wondering how its gonna be done, why don't you leave that to enriquehackdemon11@gmail.com and let him worry about it. You just have to sit back and relax and within just 5 hours,you will have full unnoticed access to the account you want to hack. Believe me, life is that simple. he charges at affordable price and it 100% safe. This is my way of showing appreciation for a job well done. contact him for help via address below... Emailenriquehackdemon11@gmail.com text no..+1(409)999-3477
...it asked; politely, I might add.
You know what Facebook is. If you continue to use it, you have no one to blame but yourselves.
I have absolutely no sympathy for you, especially if you work in the tech industry and are still stupid enough to be taken in by this crap.
I hope most grey beards like myself have *never* signed up for Facebook. Sure, they have a shadow profile, but I'd never allow that app on my phone.
Also, good thing some people do not auto update apps. Best to read the changelog and only accept those you deem legitimate.