Facebook Android app security flaw affects those who don’t even use the app

While it’s not clear just why the app would do this, or what purpose it has for doing so, the Facebook app for Android is taking your phone number the first time you open it up. Without even logging in, the app takes your number and stores it on the Facebook servers. You don’t need a Facebook account, or even to initiate an action within the app. Simply having it and opening it will allow the app to take your phone number.

Norton discovered this security flaw during routine testing they perform on apps for their Mobile Insight security app. According to Norton, their testing methods are sound:

 

Through automatic and proprietary static and dynamic analysis techniques, Mobile Insight is able to automatically discover malicious applications, privacy risks, and potentially intrusive behavior. Further, Mobile Insight will tell you exactly what risky behavior an application will perform and give you specific, relevant, and actionable information.

-Norton


Norton then reached out to Facebook, who claimed to be unaware of the issue. They told Norton they “did not use or process the phone numbers and have deleted them from their servers”, and said they had no knowledge of the issue. Norton also notes that Facebook is not the only app doing this, or even the worst offender. They promise more information on other culprits in coming weeks, but we’re still curious why Facebook would take numbers from a device that wasn’t even logged in. If I were to download the app, then open it to see what it looked like out of curiosity, my number would then be uploaded to the Facebook server.

We’re not ready to call Facebook nefarious on this account. Giving them the benefit of the doubt, even in the face of all their other security flaws, we’ll chalk this up to another error on their part. What this does do is bring into focus app permissions, and how important they are. Perhaps more importantly, how they can be abused by the app publisher, and ignored by users as fine-print.

Source: Android Authority

 

Facebook's outmoded Web crypto opens door to NSA spying

Secret documents describing the National Security Agency's surveillance apparatus have highlighted vulnerabilities in outdated Web encryption used by Facebook and a handful of other U.S. companies.

Documents leaked by former NSA contractor Edward Snowden confirm that the NSA taps into fiber optic cables "upstream" from Internet companies and vacuums up e-mail and other data that "flows past" -- a security vulnerability that "https" Web encryption is intended to guard against.

But Facebook and a few other companies still rely on an encryption technique viewed as many years out of date, which cryptographers say the NSA could penetrate reasonably quickly after intercepting the communications. Facebook uses encryption keys with a length of only 1024 bits, while Web companies including Apple, Microsoft, Twitter, Dropbox, and even Myspace have switched to exponentially more secure 2,048-bit keys...

Read the full story here. Source: CNET

Facebook launches photo comments

Facebook is now letting its 1.11 billion members react to their friends' status updates with photo comments.

The social network said Wednesday that it has started the global release of the new feature, which lets people add photos to comment threads using a new Attach a Photo button. To start, uploads of photo comments will be restricted to the Facebook Web site and mobile site, but simply viewing photo comments will be possible from Facebook's mobile applications, the company said.

Photo comments are a product of one of Facebook's famous hackathons. Facebook engineer Bob Baldwin, one of the developers behind the release, said he was inspired to create the photo comments feature because, "sometimes showing a photo helps me tell a story much better than words alone."

The new addition could transform the social network into a more meme and teen-friendly zone, as photos turn commenting into a more playful activity. Of course, there's also the potential for spam, abuse, and just plain ugly comment threads. But imaginer Baldwin wishes for the best. "I hope this will make threads with friends more expressive and engaging," he said.

Source: CNET

 

Facebook schedules event for June 20 to reveal 'big idea'

Facebook is inviting members of the press to attend a mystery event on Thursday, June 20 at its Menlo Park, Calif. headquarters, where the company promises to unveil a new product.

The invitation, sent via snail mail according to ABC News, reads: "A small team has been working on a big idea. Join us for coffee and learn about a new product."

Facebook confirmed the event with CNET but would not provide additional details.

The invite for the product-related event closely trails the social network's release of hashtags, a long overdue feature that finally connects the company to pop culture.

It also comes just days after a developer discovered code that hints at the development of a Facebook RSS reader. A reader release would make for a timely launch as Google Reader is going dark on July 1.

Source: CNET

 

Sheryl Sandberg: Teens not abandoning Facebook

RANCHO PALOS VERDES, Calif. -- Facebook Chief Operating Officer Sheryl Sandberg isn't overly concerned that teenagers will abandon the giant social network, as a Pew study reported. "We're the leaders in a growing market," she said during an onstage interview at the D: All Things Digital conference here. She acknowledged, though, that teens are using sites such as Tumblr and Twitter more. "We are watching that very carefully," she said.

Sandberg also noted that social networking and other Internet activities still trail TV in terms of time spent. Users on average watch 34 hours of TV a week, compared with 6 hours per week on Facebook. "There is room for people to do different things. All other services continue to grow and we do. We don't think it's a zero-sum game," she said...

Read the full story here. Source: CNET

Facebook's rocky year as a public company

Facebook's freshman year as a public company played out like an MTV drama in which Mark Zuckerberg was forced to navigate through an awkward accommodation with the rough-and-tumble world of Wall Street.

Even as Wall Street lectured loudly, a preoccupied Zuckerberg was only half listening and seemed more interested in saving the world from a dearth of sharing than worried about quarterly revenue performance. By year's end, though, Zuckerberg had earned his passing grade by demonstrating a masterful understanding of how to make money on mobile. Indeed, Facebook has seemingly weathered the worst even though it was an uneven year with more than the usual fill of drama, one punctuated by extreme highs and lows...

Read the full story here. Source: CNET

AT&T to Discontinue 'Facebook Phone' HTC First?

AT&T is planning to discontinue the HTC First, better known as the "Facebook Phone," reports BGR. Released on April 12, the HTC First was touted as the first device to come with Facebook Home preinstalled, a feature that has not enticed buyers to purchase the phone.

When contacted, an AT&T spokesperson gave MacRumors the following statement in regards to BGR's report: "As mentioned previously, we do pricing promotions all the time and have made no decisions on future plans." 

The Facebook Home software, which can be installed on a number of Android devices, has also proven to be unpopular with Android users. The app has a two star rating in the Google Play store and has seen just a million downloads since it was released last month...

Read the full story here. Source: MacRumors

Facebook updates Home, says downloads reach 1M

MENLO PARK, Calif. -- Facebook is releasing a new version of Facebook Home, the social network's software suite for Android, the company announced at its headquarters here Thursday.

The new product will go live on Google Play at 1 p.m. Thursday as an update to the Facebook Android app, but users probably won't see it till about 3 p.m., Facebook said.

Facebook VP of Engineering Cory Ondrejka said the company is planning on several improvements to the product in the coming weeks, but today's update will have bug fixes. Also, for any Android devices that don't support Home, Facebook won't block users who want to transfer Home -- in a process called sideloading -- from supported devices. More than 10,000 people were using this method to get Home on unsupported devices shortly after Home launched, Facebook said...

Read the full story here. Source: CNET

Believe It Or Not, Research Reveals That Most Facebook Users “Self-Censor”

Is there anything about social media that researchers haven’t yet zoomed in on? This time, the study (.pdf) comes from a Carnegie Mellon Ph.D. student and a Facebook staffer, who reveal that most Facebook users tend to self-censor their comments at the last minute before posting.

Carnegie Mellon’s Sauvik Das and Facebook Data Scientist Adam Kramer co-authored a study that put millions of people’s Facebook habits under a microscope during a 17-day period. When the duo examined the massive sample size of 3.9 million users, they found that 71 percent edited themselves right before posting.

The study identifies “self-censorship” as “the act of preventing oneself from speaking” — though personally, I think a more accurate definition might be “the act of preventing oneself from looking like an imbecile to everybody one knows.” (You say potato, I say potahto.) The report hones in on the fact that today’s social media enables people to write and then review their thoughts before sharing them. This, Das and Kramer believe, is what gives users the room to second guess what they wrote.

I’m both surprised by these research results and not. On the one hand, it’s human nature for a person to evaluate how he or she comes off to others. But on the other hand, it certainly doesn’t seem like a whopping 71 percent are actually considering what they put out on Facebook. The network’s rife with offensive status updates, questionable pics and other regrettable messages.

I suppose all those gross updates and “potty” shares must come from the other 29 percent.

[Source: TechnoBuffalo]

Facebook launches real-time graphs to highlight its data center efficiency

Curious as to the effect that your poking wars are having on the planet? Facebook is outing power and water usage data for its Oregon and North Carolina data centers to show off its sustainability chops. The information is updated in near-real time, and the company will add its Swedish facility to the charts as soon as it's built. The stats for the Forest City, NC plant show a very efficient power usage effectiveness ratio of 1.09 -- thanks, in part, to that balmy (North) Carolina air.

[Source: Engadget]

Facebook hires former Apple executive and iOS 6 Maps lead Richard Williamson

Bloomberg reported late on Tuesday that Facebook recently hired former Apple executive Richard Williamson as a manager in its mobile software group.

A 10-year Apple veteran, Williamson previously served as Apple's Director of iOS Software, a fact which serves to explain the hiring given Facebook's aggressive new push in the mobile space.

While at Apple, Williamson oversaw the development of Apple's homegrown Maps app, which, if you recall, debuted to much controversy with the release of iOS 6. Williamson was ultimately shown the door this past November when Eddy Cue decided to shake up Apple's Maps team.

As for Facebook becoming a haven for former Apple employees, news of Williamson's hiring came shortly after it was revealed that the social networking giant had lured former Apple engineer and famed Tweetie inventor Loren Brichter into the Facebook mix.

The fact that Brichter is "helping" out at Facebook is particularly noteworthy because he's an iOS developer legend, of sorts. While he may not be a mainstream name outside of the tech world, his original Tweetie app set a new bar for what Twitter clients could and should be, both in terms of usability and aesthetic design. He's also credited with creating, or at the very least popularizing, common app features such as 'pull to refresh' and the 'cell swipe'.

Perhaps fittingly, word of Brichter's new place of employ first surfaced via a tweet from Mike Matas, a user interface designer at Facebook who previously spent 4 years at Apple working on UI features for a number of Mac and iOS apps.

Bloomberg adds:

Other former Apple employees brought in by Zuckerberg include Greg Novick, a former iPhone manager who helped develop the device's touch interface; Mike Matas and Kimon Tsinteris, software designers who joined when Facebook acquired their company Push Pop Press; and software engineers Scott Goodson, Tim Omernick and Chris Tremblay.

With the recent release of Facebook Home, we now have a clearer idea as to why Facebook has been so keen on snatching up companies and individuals with expertise in mobile software design. That said, the fact that a number of former Apple engineers and designers are now making their way over to Facebook isn't all that surprising. If anything, it underscores Facebook's commitment to deliver a grade-A experience in the mobile space, current reviews of Facebook Home notwithstanding.

[Source: TUAW]

Facebook addresses privacy concerns over Facebook Home

Facebook answers important user privacy questions. Read them before you install or buy anything.

A lot of folks have serious privacy concerns about Facebook's new Home application. Questions about location gathering, message reading, and the general "safeness" of Facebook tracking what you do on your Android phone. We have our own here as well, and have had plenty of internal discussion.

Facebook doesn't want folks to worry, so they released a privacy FAQ about the new product. It's a short read that everyone who might install the app needs to look at, but here are some highlights:

  • You can use Facebook without using Facebook Home
  • Facebook Home is just another app you install from Google Play. You can uninstall it at any time.
  • Facebook Home collects your Facebook activity, location, Facebook messages, and the apps in your Home app launcher. This data is user-identifiable for 90 days.
  • Facebook cannot collect any data outside of the Home app, unless you use the HTC First -- then it can track what apps generate notifications, but not the content of the notification.

We're not going to judge any of these policies -- that's for you to do. We are going to tell you about them and direct you to the full statement so you can read it and discuss. And you should.

[Source: AndroidCentral]