According to Gareth Wright, an app developer for iOS and Android, a security vulnerability lurks in the Facebook apps for both platforms.
Users who prefer logging into Facebook on Android tablets or on iPhones or iPads risk their personal information being stolen. The Facebook apps don't encrypt login credentials and allow malicious apps to get unauthorized access to vital information.
The security loophole allows any experienced hacker to steal the .plist file associated with the Facebook accounts. After the hacker copies the file to his device, he can then log into Facebook as the user whose identity he has stolen.
Gareth Wright sent the above information to a friend and asked him to verify the vulnerability. "My jaw dropped as over the next few minutes I watched posts appear on my wall, private messages sent, web pages liked and applications added," reported Gareth, noticing that he had lost control over his own Facebook account.
He also sent a letter to Facebook's security team and found out that the social network is aware of the situation and has promised to fix it.
To The Next Web, Facebook's response was more elaborate, suggesting that the vulnerable devices are actually those that are jailbroken or modded. Both tech websites, The Next Web and Gareth Wright's blog, dismissed this assumption.
source: GarethWright