Facebook's Android App Is Asking for Superuser Privileges, Users Say (bleepingcomputer.com) 183
Catalin Cimpanu, reporting for BleepingComputer: The Facebook Android app is asking for superuser permissions, and a bunch of users are freaking out about granting the Facebook app full access to their device, an understandable reaction following the fallout from the Cambridge Analytica privacy scandal. "Grants full access to your device," read the prompts while asking users for superuser permissions. These popups originate from the official Facebook Android app (com.facebook.katana) and are started appearing last night [UTC timezone], continuing throughout the day. Panicked users took to social media, Reddit, and Android-themed forums to share screengrabs of these suspicious popups and ask for advice on what's going on.
No need to freak out (Score:5, Funny)
The Facebook
Is Your Friend
Trust The Facebook
Re: (Score:3, Informative)
Funny, I practically had the opposite reaction:
No need to freak out, just say "hell no", and when their mobile usage drops close to 0, it's FaceBook that will freak out...
It already dropped dramatically with the #deletefacebook movement, right ? Right ?
Re: (Score:2)
Re: (Score:2)
Remember when everybody had a Myspace account?
Re: (Score:2)
How about not using the app but a web browser?
Re: (Score:2)
Re:No need to freak out (Score:5, Informative)
Facebook needs the following permissions:
The masses: "Eh... odd, but I really need to check Facebook." [OK]
Re: (Score:2)
Seems appropriate.
Re: (Score:3)
No need to be freak outing.
They should all freak themselves out for using Facebook at all in the first place.
Hey, now they will come out with "Freakbook" . . .
Re: (Score:2)
For me it is less about not trusting Facebook on my device. But the idea of application running in full privilege mode bothers me. I normally get annoyed when an old windows App require Admin Rights to install, or worse like some old Windows 3.1 and Windows 95 Apps Requires Admin level right to run. Just because they couldn't figure out the safe place to save user data.
This shows poor judgement either in Facebook, for not coding around normal user permission and for Android for not allowing correct securi
com.facebook.katana dishonorabru! (Score:3, Insightful)
I don't know if it's algorithmic, or if most of my close friends just hardly use facebook anymore, but it seems like I just rarely see anything anymore in my feed anymore that I care about. It also seems weird that what does appear is generally from people I'm very faint acquaintances with -- if I am curious about one of my actual friends I pretty much have to go straight to their profile.
Besides that though, I think it just encourages behaviors I don't really enjoy seeing in my friends. I definitely know people who in real-life are totally cool, but their social media presence makes me question why I ever liked them in the first place. Mostly I see a lot of:
1) very overt attention seeking for pretty lame things (like, pretty girls posting selfies of themselves doing nothing interesting, or dudes with gym photos, that kind of thing) 2) Extremely broad and poorly thought out political rants 3) sharing really vapid motivational quotes 4) people being maybe a little too vulnerable to a very broad audience, to the point where it's awkward. 5) This one is the worst of all. People taking passive aggressive swipes at individuals by posting very vague status updates. I hate stuff like that.
I don't think of myself as a super judgmental person, but whenever I get on facebook I spend half my time just thinking "really?" and then feeling kind of gross.
Re:com.facebook.katana dishonorabru! (Score:5, Informative)
Obvious simple fix for that... (Score:1)
Don't. install. Facebook.
Re: Obvious simple fix for that... (Score:1)
Also don't use android.
Solution (Score:5, Insightful)
#deletefacebook
Literally. Just remove that shit from your phone already! Then go out and do something more constructive with your life, rather than lazily scrolling through other people's "The best ..." life moments.
Re:Solution (Score:5, Funny)
#deletefacebook
Oh, a "hashtag". Let's start a campaign about how shit one social network is on another shit social network.
Re: (Score:2)
Oh, a "hashtag".
I thought it was an IRC channel :(
Re: (Score:2)
It is now! lol
Re: (Score:2)
Re: (Score:2)
Re:Solution (Score:5, Informative)
IIRC my stock ROM on my last phone had facebook installed as an unremovable app. Depending on the phone's bootloader situation that could mean some folks CAN'T remove spywarebook. (Or their manufacturer's homebrewed spyware either)
Re: (Score:2)
Re: (Score:2)
What when wrong? (Score:2)
Re: (Score:2)
Is #uninstallupdatesfacebook OK? (Score:2)
Not everybody can do that without buying a new phone, particularly people like Bob-Bob Hardyoyo whose Android phone has Facebook in the system partition [slashdot.org]. All they can do is "uninstall updates" and then "disable".
Re: (Score:2)
Which prevents the app from doing anything, including running. Problem solved. What's your point?
BTW, the #deletefacebook tag refers to deleting fb accounts, not the app.
Re: (Score:2)
In order to get the superuser prompt, you need to be rooted. So anyone effected by this update should be able to remove the app
No big deal (Score:5, Funny)
Re: (Score:1)
It's really no big deal. What other data could they possibly collect that they don't have already? They have your location at every second of the day. They have all of your contacts. They have all of your emails and text messages. What else could they get that they don't have, already?
so you are most clearly a psychopath because you're not even noticing that you have your emotions and facebook doesn't.
Re: (Score:3, Insightful)
Well, I guess full access would also allow them to either edit your stuff (here are some new contacts, yay!) or delete them?
I admit I use facebook since it is the only way to keep contact with certain people, but I only have messanger installed - the app takes over 200MB on a phone which is a suspiciously large size for an app that does part of the things that a badly designed website does...
Re: (Score:2)
They have all of your contacts. They have all of your emails and text messages.
...and if you ever want to see them again, you'll buy $10,000 of the newly announced "Facecoin!"
Re: (Score:2)
I heard a hilarious German advert today involving a phone assistant that went feral. Among other things it threatened to send the owner's dick picks to their parents.
Stupid thing about that advert was I can't remember what it was for other than many a philosophical commentary on modern life.
Re: (Score:2)
Yeah, as always there's an XKCD for this...
https://xkcd.com/1200/ [xkcd.com]
Re: Laziness and incompetence. (Score:2)
I've never seen an Android app require full permissions in my decade of using the platform.
Re: Laziness and incompetence. (Score:2)
I have facebook's app stuck on my phone - Samsung put it there and I can't uninstall it - same with all of Google's shit.
You don't need to uninstall it; android let's you disable system apps so they never run. Sure, they still take up space on the device but, due to the way the phones are partitioned, that's space you can't use anyway. So the only advantage of uninstalling vs disabling is that if you could uninstall it you wouldn't see the icon any more.
Re: Laziness and incompetence. (Score:2)
Also, c6gunner, it's "lets," not "let's," in this context.
I'll be sure to pass your criticism on to the people responsible for Google keyboard's autocorrect function.
Re: (Score:2)
Youtube has no reason to have locations services. None.
In all fairness there's a long list of licensing reasons why for a good number of their content videos they do need to know your national location.
Re: (Score:2)
Then why is there no option for "I prefer not to specify my location and am fine with not viewing any regionally restricted videos"?
Re: (Score:3)
I would like an option to select exactly what kind of permissions I grant an app. If I then try to use it in a way that requires additional permissions, it would pop up a request saying that it needs permission to use such-and-such to proceed, allowing me a choice of a one-time or permanent extension of the permissions.
Re: (Score:2)
I would like an option to select exactly what kind of permissions I grant an app. If I then try to use it in a way that requires additional permissions, it would pop up a request saying that it needs permission to use such-and-such to proceed, allowing me a choice of a one-time or permanent extension of the permissions.
You can have that today. Just buy an iOS device. That's basically the way iOS has worked for years.
Re: (Score:3)
Let me know when a major U.S. electronics showroom chain offers phones warranted to run LineageOS.
Re: (Score:2)
Wow, you're sure a needy one, aren't you? You not only insist on a warranty, without even knowing the price the item, and you want to buy it from a chain store, but you even insist on it having a showroom!
Who fucking cares about that shit? What does any of that have to do with what you replied to? They were talking about allowing choice, not ensuring popularity. Yes, yes, I understand; you personally won't buy it unless you think it makes you look cool, and your sense of what is cool is weak and vapid. But
Re: (Score:2)
you want to buy it from a chain store, but you even insist on it having a showroom!
If a showroom is unimportant, then what steps should I take to evaluate the color reproduction accuracy, viewing angle, and response time of a display that I have never had a chance to see in person? Or the responsiveness of a touch digitizer that I have never had a chance to manipulate in person?
Re: (Score:2)
You can't, it varies from device to device and whichever one they let you play with in a "showroom" isn't the one you'd want to buy because it isn't even new anymore.
You can't even be sure that two devices next to each other on the shelf are from the same factory, much less the same batch, and even if they were from the same batch you can't be sure if the quality control procedures would let them mix displays from different suppliers into the same production run.
Shorter: Get over yourself
Re: (Score:2)
If you upload videos then the location might be nice too, but that's a minor issue.
Why do they care? (Score:2, Informative)
Facebook users have already granted Facebook access to their life [techcrunch.com], and even parts of the lives of people around who are trying to stay out of its clutches, to boot. There is very little Facebook does not collect about you.
Why the crocodile tears when Facebook users are the ones who have voted in surveillance clusterfuck?
Shocked I tell you (Score:5, Informative)
Re: (Score:2)
I'm most surprised that someone with enough technical merit to root their phone, would install the FB app to begin with.
Why not? What does technical have to do with using a service? Being technical doesn't mean you go all tinfoil hat private. Being non-technical doesn't mean you share every breathing second of your life on a Facebook post either.
We can flip this on its head. Having a rooted phone that provides you the fine grained controls to fake your data may be the only way to safely use Facebook.
Disclosure: Have rooted phone, have Facebook. Though have not seen a superuser request from it.
No big deal (Score:3)
The app already asks for every single permission available.
Re:No big deal (Score:5, Interesting)
The app already asks for every single permission available.
The purpose of the Facebook app is:
If you absolutely must use Facebook on your phone, do it using a web browser that is well secured. You won't really miss out on anything, but Facebook will.
Re: (Score:2)
Re: (Score:3)
If you read the Android manifest, the perms Facebook ask for is almost like a novel. I wouldn't be surprised if ACCESS_SUPERUSER was in there.
I miss XPrivacy. If a generic fleshlight app asks for every permission under the sun, it can have them... except it will fetch random strings for contacts, the location would be at the same spot all the time, the microphone and camera would give static. XPrivacy Lua should be its replacement, but it has a ways to go.
Barring that, I wish phone makers would allow fo
Re: (Score:2)
If a generic fleshlight app asks for every permission under the sun,
There can't be a fleshlight app any more, not after they removed the headphone jack anyway.
Even silly games like MonsterStrike require it (Score:1)
Re: (Score:2)
That's seems about right, I don't know ow the game though.
Contacts = invite friends
Location = ads (the only one that seems questionable
USB = get character avatar
Wi-fi = warn when doing a large update not on WiFi
Network = ads
Run at start up. = Notifications = ads (another questionable one for a random game.
Basically permissions are worthless, since everything wants access to your photos for some stupid reason, and everything needs network and location to advertise.
I do like that the apps ask when they use in
Got rid of the apps a long time ago (Score:2, Interesting)
I got rid of any app that basically just mimics going to a website.
While I still use facebook (though at a limited capacity). I was tired of the app draining my battery, but also was very wary of all the stuff it was trying to get access to.
But in general I don't understand installing an app for a service that's offered via a website.
Facebook (Score:5, Insightful)
Hey Facebook.
Make one app. That has messenger in it. With a bunch of options of what I want it to do (run all the time for messenger, read my photos, etc.).
Try and not make it an app that literally sucks up all my storage just browsing (my gf filled her phone up twice to the brim, when we looked it was all data stored in the Facebook app - removed the app, reinstalled, all was fine again)
Then, maybe, just maybe, I'll consider installing it. But JUST that. Nothing else. No other apps to do the same thing. And, no, you really don't require (or will ever get) one percent of the permissions your current apps demand.
To be honest, the fact that you DELIBERATELY break the Facebook mobile website to remove messenger (when "View as Desktop Site" shows it perfectly well but in a not-nice format) pisses me off more than anything. You are literally trying to force me to use the apps and I have no interest in that.
You know what happens when you try to force people to use products/services they have no interest in? They go elsewhere.
Another 5 years and Facebook will be like MySpace is now.
They what now? (Score:2)
You know what happens when you try to force people to use products/services they have no interest in?
Judging by past behavior, what they actually do is keep using the more broken thing because it's what they know and all their friends use.
They go elsewhere.
The problem is, in the case of Facebook (and Twitter), there is no "elsewhere" to go to. Seriously, go to what?
Nor is there any sign of an elsewhere anytime soon, what nascent systems could work to replace either of these companies even if you could conv
Re:They what now? (Score:5, Insightful)
The problem is, in the case of Facebook (and Twitter), there is no "elsewhere" to go to. Seriously, go to what?
Go outside ?
Re: (Score:2)
https://play.google.com/store/... [google.com]
Which Outside app is it? :P
Re: (Score:2)
I'm not saying people will use Facebook and Twitter forever. Obviously something will supplant them, someday...
But that first part of my post goes hand in hand with the second. Sure people will move on - but NOT IF THERE IS NOTHING TO MOVE ON TO.
Once again, WHAT do you suggest realistically replaces Facebook for most people, today? Crickets? Yeah that's what I thought buddy.
Re:They what now? (Score:4, Insightful)
Once again, WHAT do you suggest realistically replaces Facebook for most people, today? Crickets? Yeah that's what I thought buddy
It's like asking what you suggest to replace junk food and cigarettes. As long as you insist on exactly the same experience, nothing can replace it, obviously.
Re: (Score:1)
Why are you still using Facebook anyway?
Just delete it already.
Re: (Score:2)
... will be like MySpace is now. ...
What is a "MySpace?"
Re: (Score:2)
... will be like MySpace is now. ...
What is a "MySpace?"
its like a Geocities
Re: (Score:2)
Re: (Score:2)
Better yet, put the messaging back into the mobile website and let everyone use their web browser instead of a handful of apps.
"Everyone" except for the anti-JavaScript hardliners here on Slashdot, who prefer OS-specific installable native executables to OS-independent zero-install script-in-the-browser.
Re: (Score:2)
You know what happens when you try to force people to use products/services they have no interest in? They go elsewhere. ... Another 5 years
In another 5 years you may well be saying in another 5 years just like cold fusion. If Facebook has shown one thing it's that you can force an incredible amount of shit down your user's throats and they'll say please sir can I have another! Myspace was a relatively small platform that got replaced by a huge alternative. People have predicted the death of Facebook and the Next Big Thing (tm) social network for the past 10 years now. It hasn't happened.
Side note: Never heard of your Facebook storage issue. 9
Re: (Score:2)
(when "View as Desktop Site" shows it perfectly well but in a not-nice format)
Thanks for the work around! Someone should make a plugin for that.
Latest News.... (Score:5, Funny)
Apparently, Facebook are now saying that the message is clearly a bug. It was meant to say:
"Do you want to continue to be anally raped by a multi-billion spying operation run by a dwarf with no moral compass?{Y/n]"
For those with a room temperature IQ (in celsius) you want to hit "Yes". Everybody else wants to hit "No".
Re: (Score:2)
Apparently, Facebook are now saying that the message is clearly a bug.
It was either a bug or active warfare against the tinfoil hatters. It doesn't make sense for it to be a general hoovering of data as per normal since this permission would only affect the 0.001% of phones that are actually rooted, ... most of which are rooted because people distrust the likes of Facebook in the first place.
Re: (Score:2)
$ units
You have: 21 degC
You want: degF
69.8
Good grief, looks like I am!
Comment removed (Score:5, Informative)
There is worse (Score:5, Informative)
Re: (Score:2)
The fact that the shitty FB app is preinstalled on many android devices (and cannot be removet without root) is far worse.
That is a giant "meh". Just disable the app. A disabled app in Android literally can't do anything. It can't even be updated let alone run in the background sucking up data.
Re: (Score:2)
Re: (Score:2)
It might sound ridiculous to you
Yes complaining about a few 10s of MB of the default image being used does sound ridiculous to me.
Re: (Score:2)
Re: (Score:2)
It's 450MB for Facebook.
It's not 450MB for my current version, updated 6 times over including the data portion and the cache portion from the last 9 months of usage. If your install is that big then you've done goofed son.
Also apps shipped with the image do not sit on your data partition so they fundamentally sit unchanging, unedited. If you're worried about free space, then look up how much free space you get with your phone when you first purchase it. Complaining about the bundled apps is stupid in the face of the inefficiencies
Re: (Score:2)
It can be switched off (or whatever they call it).
They call it "disabled" but it's still crap, and if it comes on your phone then it's already got permissions to do things on your device if some OS feature "accidentally" re-enables it.
No big deal (Score:5, Informative)
Get a better su program... (Score:5, Informative)
The good su apps on Android will not, by default, allow a program to present a su dialog unless the app manifest in the Google Play Store has ACCESS_SUPERUSER declared.
What bothers me is that this is something that has to be explicitly coded. Why would an app -ever- request this by accident, is beyond me.
Re: (Score:3)
...Why would an app -ever- request this by accident, is beyond me....
My thoughts exactly. It was an accident only because they got caught.
Re: (Score:2)
What bothers me is that this is something that has to be explicitly coded. Why would an app -ever- request this by accident, is beyond me.
Apps do a lot of things when developers are working on it, and it wouldn't be the first time a wrong version has been pushed out to publish. To be honest it sounds like an oversight given what this is capable of: accessing additional permissions on a rounding error of a percentage of phones out there that actually have superuser capability enabled.
The alternative to an accident is quite bad. If this was done on purpose then someone decided to target a group of people specifically likely to NOT want anything
I'm collecting screen-shots of app whoring (Score:3)
I'm planning to make a nice-big write up about what it means to browse Facebook on a traditional browser while using a mobile phone, using screen-shots for reference. The amount of begging, strong-arming, and general "feature isolation" they pull when you use a mobile browser (that worked five years ago) is astounding. "Request Desktop Site" sometimes gets you around some of that, sometimes it causes other weird things to happen.
Facebook is evil. I want to jettison it outright and just move to Minds and Steemit. Unfortunately Facebook is where the people are, especially family. I make my family posts there and my general posts elsewhere. I really want to move the family away.....
Re: (Score:2)
I used to make posts on ts and then link to them on Facebook. Nobody seemed to care (save for one person). Then Facebook blocked ts, then ts went away.....
I might consider this, though I largely consider email useless, it's being killed by spam the same way usenet and good old-fashioned search engines like AltaVista were. Why bother using email if you have to sort through so much crap to get to the good messages?
Re: (Score:2)
Interesting - the preview showed the spelling of tsu (with a non-U.S. standard u) just fine, but now it's gone on the final posts. Guess it was the wrong encoding type somewhere.
why I don't use the app.. (Score:2)
And yet... (Score:2)
You are already granting full access to Google by the grace of Android... Where is the panic?
Re: (Score:2)
Facebook (Irregular Haiku structure) (Score:2)
Fuck facebook.
Tell it to go & fuck itself in various creative forms, then get angry and really mean it.
Once Facebook has fucked off to a sufficient, edge-of-the-continent distance beat it into an intercontinental fuck off until it cannot possibly fuck of any more.
Once at the very edge of the the last millimetre of Earth make Facebook dream the impossible dream into recording break outer-space fuck off to be set adrift forever.
Fuck Mark "we don't spy on you but do record audio when recording vide
As If We Needed Another Reason (Score:2)
The solution is simple enough; don't install the Facebook app. And don't use Facebook. Facebook's entire business model depends on making money by giving advertisers your personal information. They're selling access to your eyes.
Media or something? (Score:2)
I don't have Facebook but can you purchase items, media, etc through the app? I know when I installed the DirecTV app on my phone it was checking for root as a way to disallow rooted devices from using their streaming app. I had to use the magisk hide module to get around this.
GET OFF FACEBOOK (Score:2)
sick duopoly pudding (Score:2)
In a traditional permission system where you tell your OS what you will and won't allow, you could still run the Facebook app and notice when it fails to work normally—or when the OS terminates it outright.
But that's not what we have. Imagine a town where everyone feels socially obligated to leave a house key under the door matt for the town priest, who basically just sleeps wherever he wants.
Why Zuckerberg's 14-Year Apology Tour Hasn't Fixed Facebook [wired.com] — 6 April 2018
Concert dates: 2006, 2007, 200
Re: (Score:2)
Well, I consider the Nook e-book reader a worse purchase than the phone, and there was some notebook device I bought a few years earlier that was still worse. I actually have uses for my phone, but it sure isn't as good as my previous non-smart phone.
OTOH, I've never been tempted to download any apps. Perhaps if I did I'd consider the smart-phone a worse purchase. (My fingers are too large to consider the phone an acceptable keyboard, even for a a short note...or perhaps it's that I learned touch typing.
Re: (Score:2)
bill_mcgonigle (Score:3)
I'll be shocked if this wasn't developer code that should have been ifdeffed out for the final build. Most phones can't get Superuser, and every phone that can puts up a big dialog asking for permission first - there's just literally no way to sneak Superuser permission on Android and it's a very ineffective route for spying. This probably has something to do with the really kludgy file system access permissions that Android has been enforcing for a few releases now, hasn't been fixed yet, and is useful for
Re:Default Android install does not allow superuse (Score:4, Informative)