Slashdot Mirror
Facebook's Android App Is Asking for Superuser Privileges, Users Say (bleepingcomputer.com)
Catalin Cimpanu, reporting for BleepingComputer: The Facebook Android app is asking for superuser permissions, and a bunch of users are freaking out about granting the Facebook app full access to their device, an understandable reaction following the fallout from the Cambridge Analytica privacy scandal. "Grants full access to your device," read the prompts while asking users for superuser permissions. These popups originate from the official Facebook Android app (com.facebook.katana) and are started appearing last night [UTC timezone], continuing throughout the day. Panicked users took to social media, Reddit, and Android-themed forums to share screengrabs of these suspicious popups and ask for advice on what's going on.
No need to be freak outing. Just grant access for Facebook. Nothing could go wrong.
The Facebook
Is Your Friend
Trust The Facebook
I'll see your senator, and I'll raise you two judges.
I don't know if it's algorithmic, or if most of my close friends just hardly use facebook anymore, but it seems like I just rarely see anything anymore in my feed anymore that I care about. It also seems weird that what does appear is generally from people I'm very faint acquaintances with -- if I am curious about one of my actual friends I pretty much have to go straight to their profile.
Besides that though, I think it just encourages behaviors I don't really enjoy seeing in my friends. I definitely know people who in real-life are totally cool, but their social media presence makes me question why I ever liked them in the first place. Mostly I see a lot of:
1) very overt attention seeking for pretty lame things (like, pretty girls posting selfies of themselves doing nothing interesting, or dudes with gym photos, that kind of thing) 2) Extremely broad and poorly thought out political rants 3) sharing really vapid motivational quotes 4) people being maybe a little too vulnerable to a very broad audience, to the point where it's awkward. 5) This one is the worst of all. People taking passive aggressive swipes at individuals by posting very vague status updates. I hate stuff like that.
I don't think of myself as a super judgmental person, but whenever I get on facebook I spend half my time just thinking "really?" and then feeling kind of gross.
Don't. install. Facebook.
#deletefacebook
Literally. Just remove that shit from your phone already! Then go out and do something more constructive with your life, rather than lazily scrolling through other people's "The best ..." life moments.
What went wrong is you didn't #deletefacebook.
"National Security is the chief cause of national insecurity." - Celine's First Law
It's really no big deal. What other data could they possibly collect that they don't have already? They have your location at every second of the day. They have all of your contacts. They have all of your emails and text messages. What else could they get that they don't have, already?
I don't respond to AC's.
Facebook users have already granted Facebook access to their life, and even parts of the lives of people around who are trying to stay out of its clutches, to boot. There is very little Facebook does not collect about you.
Why the crocodile tears when Facebook users are the ones who have voted in surveillance clusterfuck?
I'm most surprised that someone with enough technical merit to root their phone, would install the FB app to begin with.
The app already asks for every single permission available.
Only the State obtains its revenue by coercion. - Murray Rothbard
This app has access to: Contacts read your contacts Location approximate location (network-based) precise location (GPS and network-based) Photos/Media/Files read the contents of your USB storage modify or delete the contents of your USB storage Storage read the contents of your USB storage modify or delete the contents of your USB storage Wi-Fi connection information view Wi-Fi connections Other receive data from Internet view network connections allow Wi-Fi Multicast reception connect and disconnect from Wi-Fi full network access change your audio settings run at startup control vibration prevent device from sleeping
I got rid of any app that basically just mimics going to a website.
While I still use facebook (though at a limited capacity). I was tired of the app draining my battery, but also was very wary of all the stuff it was trying to get access to.
But in general I don't understand installing an app for a service that's offered via a website.
Hey Facebook.
Make one app. That has messenger in it. With a bunch of options of what I want it to do (run all the time for messenger, read my photos, etc.).
Try and not make it an app that literally sucks up all my storage just browsing (my gf filled her phone up twice to the brim, when we looked it was all data stored in the Facebook app - removed the app, reinstalled, all was fine again)
Then, maybe, just maybe, I'll consider installing it. But JUST that. Nothing else. No other apps to do the same thing. And, no, you really don't require (or will ever get) one percent of the permissions your current apps demand.
To be honest, the fact that you DELIBERATELY break the Facebook mobile website to remove messenger (when "View as Desktop Site" shows it perfectly well but in a not-nice format) pisses me off more than anything. You are literally trying to force me to use the apps and I have no interest in that.
You know what happens when you try to force people to use products/services they have no interest in? They go elsewhere.
Another 5 years and Facebook will be like MySpace is now.
Apparently, Facebook are now saying that the message is clearly a bug. It was meant to say:
"Do you want to continue to be anally raped by a multi-billion spying operation run by a dwarf with no moral compass?{Y/n]"
For those with a room temperature IQ (in celsius) you want to hit "Yes". Everybody else wants to hit "No".
The Machine stops.
You know what happens when you try to force people to use products/services they have no interest in?
Judging by past behavior, what they actually do is keep using the more broken thing because it's what they know and all their friends use.
They go elsewhere.
The problem is, in the case of Facebook (and Twitter), there is no "elsewhere" to go to. Seriously, go to what?
Nor is there any sign of an elsewhere anytime soon, what nascent systems could work to replace either of these companies even if you could convince some large subset of your social graph to move?
"There is more worth loving than we have strength to love." - Brian Jay Stanley
1. Facebook is busted for some privacy violation users glossed over in the terms of service but are now outraged about.
2. Facebook admits its doing the thing it said it would, but that everything is working to help users.
3. some nameless third party chimes in and accidentally shows the meat counter to the cattle.
4. Facebook walks back its original statement, revises its terms to explicitly refuse service to the third party that outed it, and everyones fine.
The only winning move is not to play. Just delete the god damn app already and leave facebook. Absolutely none of it is for your direct benefit. A multinational megacorporation has found a way to turn your friends into a carrot you'll follow into a slaughterhouse that carves up your personal information and sells it to the real customers.
Good people go to bed earlier.
The fact that the shitty FB app is preinstalled on many android devices (and cannot be removet without root) is far worse.
sudo rm -r -f --no-preserve-root /
What does it get beyond gps, ip, camera, mic in the OS? Persistence in the OS?
Domestic spying is now "Benign Information Gathering"
Say no and uninstall it.
I prefer the "u" in honour as it seems to be missing these days.
The good su apps on Android will not, by default, allow a program to present a su dialog unless the app manifest in the Google Play Store has ACCESS_SUPERUSER declared.
What bothers me is that this is something that has to be explicitly coded. Why would an app -ever- request this by accident, is beyond me.
Am I wrong or a normal default Android install that 95% of Android users use does not allow superuser access at all, even to the owner of the phone? One needs to do special things to get SU access. Some phones are trickier than others to root, but they all need some sort of technically astute action (usually action voiding warranty of the phone) on user's part to root the phone. The whole premise of Android is to run in user mode all the time. What am I missing here? Is this just a BS article? I am pretty sure FB would not write an app that asks for what is impossible for >95% of Android users.
I've never seen an Android app require full permissions in my decade of using the platform.
Comment removed based on user account deletion
I'm planning to make a nice-big write up about what it means to browse Facebook on a traditional browser while using a mobile phone, using screen-shots for reference. The amount of begging, strong-arming, and general "feature isolation" they pull when you use a mobile browser (that worked five years ago) is astounding. "Request Desktop Site" sometimes gets you around some of that, sometimes it causes other weird things to happen.
Facebook is evil. I want to jettison it outright and just move to Minds and Steemit. Unfortunately Facebook is where the people are, especially family. I make my family posts there and my general posts elsewhere. I really want to move the family away.....
The preceding post was not a Slashvertisement.
Firefox for android works fine for when I choose to brows Facebook from my phone. -- you can no longer send messages without the separate massager app (so, I don't use them). I've just told my friends not to use that method to get a hold of me and Presto! ... I know that any message showing there is from somebody who doesn't know me.
___ I don't respond to Anonymous Cowards, and I Never Mod them UP.
You are already granting full access to Google by the grace of Android... Where is the panic?
It's time to realise that Abble's products are the biggest abomination these days. Just say NO to the dumb iAbble way!!
If you upload videos then the location might be nice too, but that's a minor issue.
If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
I have facebook's app stuck on my phone - Samsung put it there and I can't uninstall it - same with all of Google's shit.
You don't need to uninstall it; android let's you disable system apps so they never run. Sure, they still take up space on the device but, due to the way the phones are partitioned, that's space you can't use anyway. So the only advantage of uninstalling vs disabling is that if you could uninstall it you wouldn't see the icon any more.
Fuck facebook.
Tell it to go & fuck itself in various creative forms, then get angry and really mean it.
Once Facebook has fucked off to a sufficient, edge-of-the-continent distance beat it into an intercontinental fuck off until it cannot possibly fuck of any more.
Once at the very edge of the the last millimetre of Earth make Facebook dream the impossible dream into recording break outer-space fuck off to be set adrift forever.
Fuck Mark "we don't spy on you but do record audio when recording video" Zuckerberg.
Fuck that syphilitic data whore of two billion people out of existence.
(I hope one day, when I have left this physical form that this important educational work would be recited in schools everywhere just after saluting the flag every morning.)
A 'singular oddity' is an event that cannot be explained and only happens when you are alone.
What's going on is that the user that found this has rooted his phone and noticed that the FB app requested for privilege escalation. An Android user who hasn't rooted his phone will not see such a request (from any app) since they don't have root to begin with. This is either a bug in the code that triggered privileged escalation, OR it is intentional. You pick. :)
it's Russian hackers again
I'll be shocked if this wasn't developer code that should have been ifdeffed out for the final build. Most phones can't get Superuser, and every phone that can puts up a big dialog asking for permission first - there's just literally no way to sneak Superuser permission on Android and it's a very ineffective route for spying. This probably has something to do with the really kludgy file system access permissions that Android has been enforcing for a few releases now, hasn't been fixed yet, and is useful for making development a real pain in the neck.
My God, it's Full of Source!
OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
The solution is simple enough; don't install the Facebook app. And don't use Facebook. Facebook's entire business model depends on making money by giving advertisers your personal information. They're selling access to your eyes.
I don't have Facebook but can you purchase items, media, etc through the app? I know when I installed the DirecTV app on my phone it was checking for root as a way to disallow rooted devices from using their streaming app. I had to use the magisk hide module to get around this.
Youtube has no reason to have locations services. None.
In all fairness there's a long list of licensing reasons why for a good number of their content videos they do need to know your national location.
That's seems about right, I don't know ow the game though.
Contacts = invite friends
Location = ads (the only one that seems questionable
USB = get character avatar
Wi-fi = warn when doing a large update not on WiFi
Network = ads
Run at start up. = Notifications = ads (another questionable one for a random game.
Basically permissions are worthless, since everything wants access to your photos for some stupid reason, and everything needs network and location to advertise.
I do like that the apps ask when they use in now, so I I can see, oh yes, they want access to my photos because I'm sending a photo the first time.
Wow, sent an e-mail as suggested when clicking on "use classic" banner, and got a fast response that addressed my msg
It's time to leave.
Not everybody can do that without buying a new phone, particularly people like Bob-Bob Hardyoyo whose Android phone has Facebook in the system partition. All they can do is "uninstall updates" and then "disable".
Then why is there no option for "I prefer not to specify my location and am fine with not viewing any regionally restricted videos"?
The main FB app has a serious bloatware problem. This is just the latest symptom. I was using the mobile browser but the worldwide release of FB's own Lite app made me switch. It's pretty small, requests about 4 permissions, and doesn't crash if I deny them.
How bad does it have to get?
I quite using Facebook 7 or 8 years ago after it "accidentally" reset privacy settings for the 3rd or 4th time and the founder said customers were idiots for giving him data and they had no right to privacy.
She was like chocolate when she drank... semi-sweet at first and then increasingly bitter.
So, I had Shredded Wheat for breakfast, and turkey on rye for lunch. Here are the latest photos of Bob, my golden retriever: www.bite.me/now. My current status is: Cynical * 100. So, it looks like y'all are up to speed. I guess I won't install that Facebook app after all. Sorry Zuck, you can't have my contacts, my credit card #s, or my bank records, and I don't really need any more ads for non-gmo milk for that shredded wheat, or Alpo for Bob, but thanks anyway.
In a traditional permission system where you tell your OS what you will and won't allow, you could still run the Facebook app and notice when it fails to work normally—or when the OS terminates it outright.
But that's not what we have. Imagine a town where everyone feels socially obligated to leave a house key under the door matt for the town priest, who basically just sleeps wherever he wants.
Why Zuckerberg's 14-Year Apology Tour Hasn't Fixed Facebook — 6 April 2018
Concert dates: 2006, 2007, 2008, 2010, 2018.
This is a priest with a known history.
He is also a priest with a known drinking problem, and anyone slipping him a ten spot in a dark alley will be quickly rewarded with choice gossip. To put it bluntly, sharing gossip is really the only thing that gets him out of bed in the morning.
So what's he doing with all those house keys left conveniently under the door matt?
Nobody knows, not for sure. I guess you just kind of close your eyes and pray that your children don't have any closer-to-God than God intended loose pyjama experiences.
———
Me, I'm heading for the atheist exit. My phone is down to three apps: Firefox, Signal, and a password store (and some legacy cruft that won't survive my next phone purchase). Oh yeah, and a Google thing that plays podcasts (but mostly I still use my old iPod as a dedicated podcast device).
I consider my phone the worst technology I've ever owned, and this list includes several different computers purchased before anyone not in the 1% could afford an actual hard drive.
The "killer app" meme isn't what it once was, but here we have it: geographic and social ubiquity. And it was good. It was so good that two high priests strolled into town, wearing different hats, but both basically saying the same thing: "hey, everybody, start leaving your house keys under your front door matt" and don't worry, be happy if we share your close personal affairs with political operatives.
And now we have an entire generation raising under a regime of not just tolerating, but pocketing quasi-consensual corporo-totalitarian spyware.
———
Merely becoming a real atheist isn't good enough anymore. Now the motivated atheist needs to also live on the outskirts of town, and subsist on a routine diet of social media juniper berries.
Fortunately, I've never much liked my illiterate fellow man. And this is a weird thing, because this is golden era like no other era before, where I can surround myself exclusively by the glitterati of every intellectual endeavour of life, whether print or YouTube on demand. I casually consume hours of books/lectures per day from the rock stars of the modern academy at basically no marginal cost (my computer is so weirdly configured, Google rarely delivers a single ad, and when an ad does come up on something that's not fungible in under 5 s, I slide the window to another desktop and mute my audio for 30 s, before returning for a quick rewind to content begin).
I'm basically the Dwight Freeney of commercial bullshit.
Athletes with Weird Eating Quirks
———
Where are all the other mental athletes out there, with similar dietary rigidity? The body is your temple, but your mind is junk heap? I guess while the abusive jocks were preening, all the sad-sack geeks internalized lazy, don't give a shit. Vi
I would like an option to select exactly what kind of permissions I grant an app. If I then try to use it in a way that requires additional permissions, it would pop up a request saying that it needs permission to use such-and-such to proceed, allowing me a choice of a one-time or permanent extension of the permissions.
Let me know when a major U.S. electronics showroom chain offers phones warranted to run LineageOS.
Also, c6gunner, it's "lets," not "let's," in this context.
I'll be sure to pass your criticism on to the people responsible for Google keyboard's autocorrect function.
I would like an option to select exactly what kind of permissions I grant an app. If I then try to use it in a way that requires additional permissions, it would pop up a request saying that it needs permission to use such-and-such to proceed, allowing me a choice of a one-time or permanent extension of the permissions.
You can have that today. Just buy an iOS device. That's basically the way iOS has worked for years.
Wow, you're sure a needy one, aren't you? You not only insist on a warranty, without even knowing the price the item, and you want to buy it from a chain store, but you even insist on it having a showroom!
Who fucking cares about that shit? What does any of that have to do with what you replied to? They were talking about allowing choice, not ensuring popularity. Yes, yes, I understand; you personally won't buy it unless you think it makes you look cool, and your sense of what is cool is weak and vapid. But who cares? Why would that be on the same subject as what other people are saying they want access to?
They're now calling it a coding error. Yeah right. A coding error.
They used to periodically fiddle with privacy defaults and would watch to see if people noticed. They only roll back if there's an uproar.
There's no need for anyone to be on Facebook. You don't have 746.27 friends. They don't really like your posts; they just Like them so you will Like them back. They don't think you look Amazing in your selfies; they think that duckface is borderline mental, while making one themselves.
you want to buy it from a chain store, but you even insist on it having a showroom!
If a showroom is unimportant, then what steps should I take to evaluate the color reproduction accuracy, viewing angle, and response time of a display that I have never had a chance to see in person? Or the responsiveness of a touch digitizer that I have never had a chance to manipulate in person?
You can't, it varies from device to device and whichever one they let you play with in a "showroom" isn't the one you'd want to buy because it isn't even new anymore.
You can't even be sure that two devices next to each other on the shelf are from the same factory, much less the same batch, and even if they were from the same batch you can't be sure if the quality control procedures would let them mix displays from different suppliers into the same production run.
Shorter: Get over yourself