The Facebook Android app is asking for superuser permissions, and a bunch of users are freaking out about granting the Facebook app full access to their device, an understandable reaction following the fallout from the Cambridge Analytica privacy scandal.
"Grants full access to your device," read the prompts while asking users for superuser permissions.
Prompts originate from the official Facebook app
These popups originate from the official Facebook Android app (com.facebook.katana)" and are started appearing last night [UTC timezone], continuing throughout the day.
Panicked users took to social media, Reddit, and Android-themed forums to share screengrabs of these suspicious popups and ask for advise or what's going on:
Ok well this happened to a friend of mine! #Facebook is requesting #SuperUser priveliges on #Android WTF is this -_- ... pic.twitter.com/pooVOQB6AZ
— Tarek Jellali (@tarkan_t29) May 17, 2018
Why Facebook wants a superuser access ? @facebook pic.twitter.com/wMSvfRD6M9
— Sangam Adhikari (@The_asangam) May 17, 2018
Why does the @facebook app need Superuser permissions? What is going on with this company? #facebook #SuperSu #root pic.twitter.com/pXpWdHYv4Q
— Aman Sikka (@aman_sikka) May 18, 2018
So after @Paytm , @Official_Markfb trying to access superuser from their @facebook app... Shall we ask why?@Android pic.twitter.com/qo5Z6ikjv2
— Swapnil Soni (@SwapnilSoniXDA) May 17, 2018
Facebook app in my phone keep asking me Superuser (root) access permission. What's going on? What is it trying to do? #facebook #superuser #android #magisk pic.twitter.com/gJKIbHmg08
— Emanuel Caesar (@emanuelcaesar) May 17, 2018
@facebook asking for root permission? Time to dive into that APK! pic.twitter.com/1WdL5E2DdR
— Nikolaos Chrysaidos (@virqdroid) May 18, 2018
This is not the first time that the Facebook app has requested superuser permissions. Facebook users reported similar superuser request prompts on May 8, albeit that event wasn't as widespread as the one today.
Users reported seeing the first wave of superuser request dialogs with the Facebook Android app 172.0.0.12.93, while today's second wave appears to have been triggered with v172.0.0.66.93, based on user reports.
Bleeping Computer has reached out to a Facebook spokesperson to clarify why users are seeing these popups today, but we have not received a reply before this article's publication.
Most likely a coding error
Several Android security researchers who spoke with Bleeping Computer suspect the popups are appearing because of a coding error.
Avast mobile security researcher Nikolaos Chrysaidos has taken a look at the Facebook app's source code and believes the offending party is an SDK (software development kit) embedded in the Facebook app.
The package that appears to be triggering the superuser popup is the WhiteOps SDK, a software development kit for detecting ad fraud and implementing domain white/black-lists.
"Yes, it could be a coding error. Most possible yes," Chrysaidos told Bleeping Computer in a private conversation today. "The dialog started popping up on users that are in the beta channel."
"Along with other various checks. Facebook is probably integrating WhiteOps SDK, and they forgot to re-implement the ROOT checking functionality," Chrysaidos says.
If there was a time for Facebook developers to screw up their code, this is about the worst time to do so. With all the privacy implications of the Cambridge Analytica scandal, users are now piling up new paranoid accusations with every new angry tweet and forum reply, blaming the social network of new nefarious spying attempts.
UPDATE [May 18, 16:00 ET]: A Facebook spokesperson confirmed the popup dialog was caused by a coding error.
Comments
Exnor - 2 years ago
Sure let go with is a "coding error"...
Steve Holle - 2 years ago
The "coding error" is that the popup wasn't supposed to show. :) It was only a matter of time.
NumoQuest - 2 years ago
All you who like to go with the 'encoding error' statement .... better not. That statement is a downright Lie. In computing, in programming, there is no such thing as an error. If een error occurs it is a sign something isn't working, an error message therefor is programmed and appears on your screen. Sometimes an error occurs when an expected act is not, so you got stuck somewhere in what you were doing and no error message was coded.
Something as trivial as requesting permission to the root of a device, demands a specific and thought through act and programming that never can be an coding error. In this instance facebook is requesting you granting SDuperUser priviledges to be able to access the root operating system of that device. And with that you allow Facebook total control over your device.
Just think about that, and now the lie facebook is stating 'it' be an coding error. What facebook wants? Facebook's artificial intelligence want total insight of how you are using your device and facebook. Giving them access to your friends and family data, facebook will close the net over you and all your friends and family and will give thirt parties commercial insight in who your family and friends are.
Facebook also want to be able to use your camera and microphone to gather useful ai intelligence. How do you use your device, whom is important to you, how do you react on personalized advertisement. Allowing Super User privileges to facebook is saying goodbye to your entire privacy for facebook then has become a simple computervirus in your mobile phone.
One also can see it as facebook wants total enty and control over your life and to use the words of Mr. Zuckenberg himself, you also have the option to say no.
But be aware.... that request also can be programmed that you allow SuperUsers right to facebook on the moment you deny. That also could be stated as 'a coded error...' hence a lie. Perhaps security professionals now are utter suspicious to dive into that.... ?!?!