Facebook iPhone app security hole?
March 1st, 2010 | by Jeremy

The other day my brother borrowed my iPhone to access his Facebook account. He logged me out of the Facebook app, signed in as himself, did his thing and then logged out.
I have push notifications turned on for the Facebook app, so whenever someone posts on my wall or responds to a thread on Facebook that I contributed to, my phone lights up and shows the activity. Well the next day, I noticed I was getting updates from people that I didn’t recognize. I then realized these updates were all intended for my brother. The Facebook app was acting as if he was still logged in.
I loaded up the Facebook app just to make sure he logged out. Yep. Then I logged in as myself, thinking maybe that would fix it. No such luck. Now I get push notifications for my account AND his account!
From what I can figure out, the Facebook app uses a second login to whatever server is responsible for sending push notifications. When my brother logged out of the Facebook app, it didn’t log him out of the push notifications server. It’s annoying, but not a big problem for me and my brother. But it could be a security problem for others. If I wasn’t Facebook friends with my brother, this would allow me to figure out some of the people he’s friends with and also track some of his conversations.
Now if you weren’t friends with someone on Facebook, you probably wouldn’t be giving them your phone to log in and check their account. So maybe it’s just annoying. Still, hope they put out a fix for it soon… Otherwise, I’ll probably have to uninstall and then reinstall again.
A friend of mine reported a similar issue with Meebo on the iPhone. He would get push notifications any time something on one of his messaging systems went off. It started to get annoying so he logged out of all his messaging accounts through Meebo and even logged out of Meebo itself, but he still got push notifications. He ended up having to uninstall the app to make it stop.
Maybe these problems are more of an issue with iPhone push notifications than with the apps. I couldn’t find anyone else writing about Facebook iPhone app issues, except TechCrunch talking about the Facebook iPhone app allowing you to post to any Page, even if it was secure and ignoring privacy settings on their status updates.
I like the push notifications on the Facebook app, but that might be why I go over my text messaging limit every month…
UPDATE 4-19-2010: Wow. I deleted the Facebook app off my iPhone which stopped the updates from being sent. But after redownloading it from the app store directly to my phone, I’m STILL getting updates from my brother’s account.
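The hypothesis in the post (a push subscription that outlives the app's login session) can be modelled in a few lines. This is an added example, not code from the original post or from Facebook; the class, method names and token value are hypothetical. It contrasts a logout that leaves the device token subscribed with one that unbinds it, and includes an audit for subscriptions with no matching session.

```python
# Added illustration: models the post's hypothesis; all names are hypothetical.
from collections import defaultdict


class PushRegistry:
    """Server-side map of account -> device tokens that receive its pushes."""

    def __init__(self, unbind_on_logout):
        self.unbind_on_logout = unbind_on_logout
        self.tokens_by_user = defaultdict(set)  # push subscriptions
        self.session_by_token = {}               # who is signed in on a device

    def login(self, user, device_token):
        if self.unbind_on_logout:
            # Hardened: a device token belongs to one account at a time, so
            # drop any stale binding left by a previous user of this device.
            for tokens in self.tokens_by_user.values():
                tokens.discard(device_token)
        self.session_by_token[device_token] = user
        self.tokens_by_user[user].add(device_token)

    def logout(self, user, device_token):
        self.session_by_token.pop(device_token, None)
        if self.unbind_on_logout:
            # Hardened: ending the session also ends push delivery.
            self.tokens_by_user[user].discard(device_token)
        # Leaky variant: the subscription outlives the session.

    def recipients(self, user):
        """Device tokens that a notification for `user` would be pushed to."""
        return sorted(self.tokens_by_user[user])

    def stale_bindings(self):
        """Audit: (user, token) pairs subscribed without a matching session."""
        return sorted((u, t) for u, toks in self.tokens_by_user.items()
                      for t in toks if self.session_by_token.get(t) != u)


def replay_post_scenario(unbind_on_logout):
    """Replay the post's sequence on one phone (constructed token value)."""
    reg, phone = PushRegistry(unbind_on_logout), "token-jeremys-iphone"
    reg.login("jeremy", phone)
    reg.logout("jeremy", phone)
    reg.login("brother", phone)
    reg.logout("brother", phone)
    reg.login("jeremy", phone)
    return reg.recipients("brother"), reg.stale_bindings()
```

In the leaky variant the brother's notifications still resolve to the phone after he has logged out, and the stale binding exists only in server-side state, so the audit is the place to detect it.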
4 Responses to “Facebook iPhone app security hole?”
By Mr. Glass on Mar 1, 2010 | Reply
Did you try turning it off and on again?
I wonder if turning it off would log you out of their push notifications. Worth a try.
By Jeremy Borger on Mar 3, 2010 | Reply
Turning off the iPhone and turning it on again didn’t fix anything… Good thought, though.
By CNations on Mar 17, 2010 | Reply
I read a topic discussion about this on Facebook. Apparently if you have your bro sign back in from your phone app, go to settings to disable push notifications, then sign him back out and you in, it fixes it. My phone is doing the same thing and it is driving me insane. My problem is I haven’t been able to meet up with my friend so he can do this solution. Word to the wise for the other readers, do NOT allow someone to sign on to your iPhone apps.