back to article Facebook Android app caught seeking 'superuser' clearance

Social networking giant and market-leading data broker Facebook is once again taking heat for playing fast and loose with its access to personal information. This time, it's the Facebook Android app that is under the spotlight after folks noticed it requesting an extraordinary amount of access privileges – specifically, …

  1. Chris G
    Trollface

    Oh Sorreee! Sorree!

    It must be a bug we take our l/users data very seriously and w...............

    Of course it could just be a bug.

    1. Sandtitz Silver badge
      Unhappy

      Re: Oh Sorreee! Sorree!

      FB can always blame the usual suspects - rogue coders did it!

      (that's rouge coders for the illiterate)

      1. frank ly

        Re: Oh Sorreee! Sorree!

        I always blush when I make that particular spelling mistake.

      2. Sgt_Oddball
        Trollface

        Re: Oh Sorreee! Sorree!

        I dunno, I've got a pair of red trousers I wear at work and they're pretty rouge now...

      3. Scott Marshall
        Black Helicopters

        Re: Oh Sorreee! Sorree!

        rouge coders???

        Oh, of course; it's a code-phrase for Russian Hackers.

        ROFL

      4. 's water music

        Re: Oh Sorreee! Sorree!

        Looking back I am never sure whether it was stranger that I spent years misreading Rogue Trooper as Rouge Trooper or that I never wondered more why the hell he would be called Rouge

        1. IsJustabloke
          Stop

          Re: Oh Sorreee! Sorree!

          "...that I never wondered more why the hell he would be called Rouge"

          Yes very strange given that he's blue!

      5. BillG
        Mushroom

        Re: Oh Sorreee! Sorree!

        No excuses.

        No forgiveness.

    2. Anonymous Coward
      Anonymous Coward

      Re: Oh Sorreee! Sorree!

      The Facebook mobile app should be classed as "malware" and removed from all app stores immediately.

      Two reaons spring to mind as to why it was written the way it was.

      1) The android securtity model is shite, it's not granular enough. You want access to the photo library, you need to grant the app with access to the phone records ( or some such bollocks! ). The Android secuirty model during development needs to be far more granular. When I need access to the network system, it should be portitoned out to only sub components I need and nothing else. When my app requests access to the photos, it gets access to the default photo app and the default photo directory and nothing else, not the phone records, SMS, logs from all other apps and Lord knows what else.

      2) Facebook simply wrote the app o include all privs and hoped users were to busy or stupid to realise what they were agreeing to!

      ( Sadly I already know which is the most likely. )

      I remember someone downloading the FB app a year or so ago and being shocked at the huge list of secuirty categories the app asks for. Why the fsck does a social media app need access to your phone records?! We all know the reason but FB is firghteningly insidious and vile invention, the worst bit is it's nothing to do with being social. The "social media" part is simply a by-product of one of the biggest advertising, captive audience systems in the history of humanity.

      1. israel_hands

        Re: Oh Sorreee! Sorree!

        The android securtity model is shite, it's not granular enough. You want access to the photo library, you need to grant the app with access to the phone records ( or some such bollocks! ). The Android secuirty model during development needs to be far more granular. When I need access to the network system, it should be portitoned out to only sub components I need and nothing else. When my app requests access to the photos, it gets access to the default photo app and the default photo directory and nothing else, not the phone records, SMS, logs from all other apps and Lord knows what else.

        Complete nonsense. Every single example you've given is a separate permission in Android. Call logs are separate from calling permissions are separate from media storage are separate from SMS logs are separate from SMS sending permissions. In older versions you had to accept all the permissions an app requested in order to install it but the last few major versions have included the option to selectively bar each app from each permission category.

        Not that I'm defending Facebook, or suggesting their app isn't malware, but you need to get your facts straight before you start pontificating about how to fix things. The issue here is that Facebook made yet another monolithic grab for data and turned out the usual shit apology when they got caught.

        1. Tom 38

          Re: Oh Sorreee! Sorree!

          I dunno, its not complete nonsense (apart from OP's examples). A better example would be Whatsapp. If I want to share media I've taken with people through Whatsapp, then I must grant Whatsapp the "Storage" permission. This doesn't give Whatsapp permission to read my media, and write received media to a particular folder, it gives it permission to create, read, update and destroy any user file in any location.

          Effectively, if you want to be able to share media, you also have to open all your data to the app in question and trust that it won't look in other places.

          1. Anonymous Coward
            Anonymous Coward

            Re: Oh Sorreee! Sorree!

            "Effectively, if you want to be able to share media, you also have to open all your data to the app in question and trust that it won't look in other places."

            Check phone. Access to Storage off.

            Opens WhatsApp.

            Opens gallery, and there are the photos.

            Hint: Deny all on installation and then allow what you want when it requests it.

      2. Robert Helpmann??
        Big Brother

        Re: Oh Sorreee! Sorree!

        The next logical step for FB is to develop and distribute their own phones. They could give them out for "free" all over the world, just like they do with their app.

        Icon for obvious reasons.

    3. JetSetJim
      Windows

      Re: Oh Sorreee! Sorree!

      I fail to understand why it even needs an app - it's just a view into the web pages. The only thing FB won't let work in the mobile web page is messenger, which is no great loss to me, but equally I bet could still be done in a mobile web page. The only reason for the app is to slurp your data, so I didn't bother installing it.

  2. Mark 85

    It's probably hubris on FB's part. Zuck got away with what he did in front of Congress and I do believe he really thinks he's doing nothing "wrong". FB scares me more than any other company for the level of invasiveness. Ok... Google is a close second this week.

    1. Anonymous Coward
      Anonymous Coward

      More Google revelations this week

      Google’s Selfish Ledger is an unsettling vision of Silicon Valley social engineering:

      https://www.theverge.com/2018/5/17/17344250/google-x-selfish-ledger-video-data-privacy

  3. GIRZiM

    Does anyone manufacture Mark Zuckerberg masks?

    They'd be ideal for Halloween and (especially) Guy Fawkes Night.

    1. Fruit and Nutcase Silver badge
      Jobs Horns

      Re: Does anyone manufacture Mark Zuckerberg masks?

      Time for a Zuckerberg version of -->

      ?

  4. JassMan
    Trollface

    Presumably with superuser access

    FB can not only read your whitelists and blacklist but also change them. This has the wonderful advantage for FB that they can whitelist any site which says how wonderful they are and blacklist sites such the old faithful ElReg who sometimes point out small failings of FB (which are of course total lies in the eyes of FZ***erberg). Of course since the users have willingly granted this access without reading the Ts&Cs, FB is only giving the users what they want.

    1. Danny 14

      Re: Presumably with superuser access

      hence why using the facebook app is madness. just use the web version if you need facebook.

      1. Joe Harrison

        Re: Presumably with superuser access

        Easier said than done after they recently changed Facebook mobile browser access to disallow messaging. Also it will nag the hell out of you all the time "why haven't you installed the app", "this would work much better if you installed the app", etc, ad nauseam.

    2. IsJustabloke
      Facepalm

      Re: Presumably with superuser access

      "without reading the Ts&Cs,"

      Whereas you read every last line of every single T&Cs you are presented with

      1. Anonymous Coward
        Anonymous Coward

        Re: Presumably with superuser access

        Whereas you read every last line of every single T&Cs you are presented with

        He might not, but I do - even better, I understand what it actually says. That's why I refuse to use Google too.

  5. Anonymous Coward
    Anonymous Coward

    Facebook Crimes & Lies Chapter-2

    .....'May not have been intentional.'....

    So with everything we now know... Up to 2 Billion slurped, of which 87m are guaranteed. Plus, Zuk lying to congress for 10 hours straight and denying Shadow Profiles, or Offline-Tracking of Users / Non-Users. Surely this is an intentional landgrab... Last 'big-slurp' before GDPR / looming US regulation?

  6. John Crisp

    Slurp on

    Just wondering how the forced acceptance of apps data slurping is going to stand up to GDPR.

    Noticeable all the leading contenders are forcing you to accept their terms, or else.

    I thought consent to give away your data had to be 'freely given' and not coerced (and what about all your contacts data that gets slurped too?)

    Looking forward to some interesting case law....

    1. Danny 14

      Re: Slurp on

      it doesnt. their stance is sign away your data of no service. Thats not gdpr compliant.

    2. Lord Elpuss Silver badge

      Re: Slurp on

      AFAIK, GDPR explicitly forbids service in return for personal data, unless that personal data is necessary for providing the service.

      So saying "If you want us to send you a some crappy copy/paste on what the name of your firstborn child allegedly means, please enter their name and your email below" is OK, whereas "In order to send cat videos to your mates, please enter the name of your firstborn child and your email below" is not ok.

      GDPR also says that data must only be used for the purpose(s) for which consent has specifically been given, and must be destroyed when it is no longer needed for that purpose. So once you've sent your email saying 'The name 'Fartboy' has its origins in Middle-eastern heraldic runes dating from 1297' etc, you are required to destroy your copy of the data. burying some text in the privacy agreement saying you reserve the right to keep it forever and/or mail it to relevant marketing companies who will send you spam is absolutely NOT ok.

      Additionally: you have the right to request what data a company has on you, who they've given it to, and exactly what they will be using it for. If you don't like it, you can demand it's deletion/destruction, and the company you gave it to is required to (a) do it within 1 month, and (b) make sure anybody else they've given it to also destroys it within 1 month.

      GDPR is A GOOD THING. More than a few parasitic marketing companies will be sh*tting themselves roundabout now.

  7. BlueTemplar

    Did you knew ?

    40% of Google Play apps are sending data to Facebook !

    https://thenextweb.com/facebook/2018/03/26/facebook-tracking-present-41-popular-android-apps/

    1. JohnFen

      Re: Did you knew ?

      Yep.

      Apps are toxic, which is why I keep mine to a minimum and I firewall everything off so that nothing gets to send data from my phone without my express permission.

    2. Anonymous Coward
      Anonymous Coward

      Re: Did you knew ?

      What data? Data from their own app sandboxes? Like how often you play the particular app and how many IAP you made?

      Let's be clear here, it's not sending data from your phone, Android security model clearly prevents this, the only data of could send is data from within the apps own sandbox.

      1. skalamanga

        Re: Did you knew ?

        Personal data available to that sandbox depends on what privelidges you granted it, like, maybe it requested access to your contacts, or maybe superuser access...

        1. Danny 14

          Re: Did you knew ?

          or pictures for screenshots. contacts to invite friends. email address for account purposes. etc etc

        2. Anonymous Coward
          Anonymous Coward

          Re: Did you knew ?

          If you rooted your phone, you obviously have to regard for privacy or security, as clearly rooting a phone opens up a whole world of hurt, and breaks trust chain (do you trust whatever exploit you used to root to not have delivered bonus features?)

          Granting farmville game access to your contacts and then wondering why Facebook has your contacts, that's a pretty dumb thing to do, and perhaps modern technology isn't for you, if you don't understand basic questions and their consequences.

          Let's not forget iOS never has proper sandboxes, and for years apps were slurping contact data without needing to grant ANY permission whatsoever...

          https://thenextweb.com/insider/2012/02/15/what-ios-apps-are-grabbing-your-data-why-they-do-it-and-what-should-be-done/

        3. Jamie Jones Silver badge

          Re: Did you knew ?

          Additionally, there are major problems due to the retarded use of FAT for external sdcard access (they are attempting to tighten it down with emulated filesystem layers hacks these days) [presumably so you can shove your card straight into your pc - despite MTP (https://en.wikipedia.org/wiki/Media_Transfer_Protocol being available ]

          An app may legitimately ask for "media/sd/external storage access" to store large amount of details, but granting it gives full access (read write) to the whole card, as there are no file-ownership attributes - that includes all apps that may use it for storage and code - all your videos, pics, etc.etc. -- everything).

          Some of the other permissions are actually quite lax too (like facebook, appeasing the developer not protecting the consumer, and assuming developers will play nice)

        4. Anonymous Coward
          Anonymous Coward

          Re: Did you knew ?

          "maybe it requested access to your contacts, or maybe superuser access..."

          Lol, you really don't understand the Android security model do you?

          Superuser is not an Android app permission....

      2. Jamie Jones Silver badge

        Re: Did you knew ?

        The android sandbox is rather leaky. Even with *no additional privileges* it is allowed network access, and general "world" rights on the Linux sub-system.

        For instance, you can be uniquely tracked (Mac address), located (wifi-location services via arp lookup of AP mac address), sites you connect to (netstat), os version/patch level/hardware info (uname, etc,) - and all sorts of other stuff.

        Imagine if you were running linux on your home desktop - what could an application do with a 'guest login' shell, and the ability to phone home? - there's the problem - that's what an android app has.

        1. Anonymous Coward
          Anonymous Coward

          Re: Did you knew ?

          Utter nonsense....

          https://stackoverflow.com/a/11705949

          Before Android 6.0 you needed a permission, since then, it's no longer available...

          Congratulations, you get my fail of the week.

          1. Jamie Jones Silver badge

            Re: Did you knew ?

            Utter nonsense....

            https://stackoverflow.com/a/11705949

            Before Android 6.0 you needed a permission, since then, it's no longer available...

            Congratulations, you get my fail of the week.

            Hey Mr anon. A quick tip:

            People often make mistakes - we are after all, human.

            However, if you are going to call somones post out as "utter nonsense" or accuse them of being your "fail of the week", you better be bloody sure you are correct.

            You aren't.

            So, in the spirit of your condescending reply, I respond:

            My post is true, not nonsense.

            Unlike you, "anon", my post was based on personal investigation, not on "what someone else says".

            Unlike you, "anon", if I'm going to dispute what someone says, I'm not arrogant enough that I don't check my facts first.

            Try it yourself:

            Create an app, with NO PRIVILEGES - then read the text file /proc/net/arp

            To help you out, I just modified an apk for you to test it yourself: http://www.jamielandegjones.com/android/get-mac-without-privs.apk

            Now, normally you wouldn't sideload an unknown app from "random internet poster", right? But, as you are so confident of the android security model, you'll have no problem installing this - it clearly requests no privileges.

            Fire it up. It's a terminal emulator, installed with zero permissions.

            Now type:

            cat /proc/net/arp

            This works up to android 5 at least, and I suspect it works on 6 and maybe even 7 - access to proc was restricted in 7 or maybe 8, but I haven't had a chance to test it to see how thorough the restriction is.

            Whilst here, use that app to have a good old nose around, install some homemade c executables to test ioctl and other calls.

            You'll be surprised at what you see.

            So, in summary, the utter nonsense is your reply. How's that "fail of the week" going now?

            1. Jamie Jones Silver badge

              Re: Did you knew ?

              I forgot to mention: Whilst "cat /proc/net/arp" will give you the mac of the router, to find your own mac, again, WITHOUT any special privileges, open a socket to AF_NETLINK, or from the command line:

              iplink

              If that doesn't exist, download a "busybox" binary, and type "busybox iplink"

              So there you have it: MACs of both the router and your own device. - without permissions - at least as far as Lollipop.

              As I said, look at android from a Linux point of view, rather than from an android point of view - you'll be surprised.

      3. JohnFen

        Re: Did you knew ?

        "What data? Data from their own app sandboxes? Like how often you play the particular app and how many IAP you made?"

        IAP? Do you mean in-app purchases? That would be an understandable data exchange, for obvious reasons, but I never engage in in-app purchases.

        Aside from that, yes -- app-related data, as well as whatever personal data the app requires access to (address book, etc.). Unless the data is required in order to perform the function the app is designed to perform, no app should be sending any data from my devices.

  8. Anonymous Coward
    Anonymous Coward

    I know of a few apps in the past that do this, only to check for rooted devices, so they can deny use of the app on said rooted devices

    1. Charles 9

      And that number is growing. Puts you in a vice when you need a root-aware app (say for work) but don't really trust it's behind-the-beck behavior.

      1. Danny 14

        xposed does a reasonable job of being able to hide root.

        1. Charles 9

          But it can't hide the custom taint, especially with Marshmallow and up due to dm-verity being enforced at boot time. Some apps check for this as well as root, and IIRC it's strictly enforced from Nougat on. Plus Samsung devices have that Knox fuse.

      2. Anonymous Coward
        Anonymous Coward

        re: root-aware app (say for work)

        I've had the reverse ... work apps that refuse to work on a rooted phone. Rather put a crimp in our BYOD strategy, as most users had rooted phones.

        I've made an executive decision now that I won't root my phone - so no point installing apps that need it.

        1. JohnFen

          Re: re: root-aware app (say for work)

          "Rather put a crimp in our BYOD strategy"

          There is no way that I would ever allow my personal device to take part in the BYOD schemes I've seen -- they all require the installation of software that is far too invasive.

          So, if I need a smartphone for work, I just ask my employer to supply one, and I only use it for work-related purposes.

  9. Anonymous Coward
    Anonymous Coward

    "We do not need or want these permissions, and we have already fixed this issue. We apologize for any confusion,”

    But we're gonna take the data anyway via a different route ... one that won't ask for your permission this time.

  10. Anonymous Coward
    Anonymous Coward

    Evil by Design

    © The Tory Party 1979, Distribiuted under license.

    1. skalamanga

      Re: Evil by Design

      "Take from the honest, hard working lower classes, give to the freeloaders and criminals"

      - ©Labour, probably.

      1. Chris G

        Re: Evil by Design

        © The Tory Party 1979, Distribiuted under license.

        "Take from the honest, hard working lower classes, give to the freeloaders and criminals"

        - ©Labour, probably.

        The only real difference between the two above is the top one redistributes upwards mostly and the bottom one redistributes downwards mostly but both feather their own nests and the lot in the middle, the people who work for a living and generate the wealth are the resource from which the redistribution is made.

  11. OffBeatMammal

    removing the FB app from my phone (a few years ago now - https://offbeatmammal.com/2014/01/14/why-i-uninstalled-facebook-and-your-app-might-be-next/) feels like a very smart decision now. Their permission (and data grab) has always been pretty egregious but coupled with their track record of bad behaviour means they (and Whatsapp etc) have no place on any of my devices unless I can block pretty much every permission request.

    1. Voland's right hand Silver badge

      First thing to disable on a new phone (disabled on all phones in the household).

      Second is Tw*tter

      Third is GooTube.

      Fourth is the new slurp verion of the Android Email app that actually shoves your mail to Google - K9 instead.

      That is the minimum "surgery" reqs before use.

      1. JimmyPage Silver badge
        FAIL

        RE: First thing to disable on a new phone

        Why disable ?

        I wouldn't buy a phone with it installed to start with. Which rules out all network branded phones.

        1. Peter Quirk

          Re: RE: First thing to disable on a new phone

          On my non-carrier, unlocked Samsung S9, Facebook is classified a a SYSTEM APP, which cannot be uninstalled!

  12. Andrew Downes

    Sorry, but it's a very poor sensationalist article

    I wouldn't normally defend Facebook and I don't run the app.

    BUT "superuser" is a feature *only* on rooted android phones. Facebook pointed this out in their response, why couldn't el reg?

    Could the user just decline the permission? There's no claim that the app stopped working if the user did?

    If you root your phone you're taking bigger risks than your Facebook data. You should understand what you're doing (obviously some don't). You changed a fundamental feature of the OS and voided any warranty. Why expect app developers to test on rooted devices anyway?

    You don't even need root to install a modded OS like lineage, just an unlocked bootloader.

    1. Tim99 Silver badge
      Coat

      Re: Sorry, but it's a very poor sensationalist article

      "BUT "superuser" is a feature *only* on rooted android phones. Facebook pointed this out in their response, why couldn't el reg?

      You do know that the TLA's are particularly interested in people who root their android device? Obviously the only reason someone would want to do that is to avoid the "normal" tracking built into any Google based system, so they are probably potential terrorists...

    2. Voland's right hand Silver badge

      Re: Sorry, but it's a very poor sensationalist article

      BUT "superuser" is a feature *only* on rooted android phones. Facebook pointed this out in their response, why couldn't el reg?

      Which is exactly why this is a Hanlon Razor case - do not seek malice where stupidity will suffice.

      F***book has a RIDICULOUS permission list on a normal phone. It asks for nearly everything. Here is the list after purging duplicates resulting from permission name changes across Android versions (make sure you are sitting comfortably and do not fall off your chair):

      This app has access to:

      Device & app history: retrieve running apps

      Identity: find accounts on the device, add or remove accounts. read your own contact card

      Calendar: read calendar events plus confidential information, add or modify calendar events and send email to guests without owners' knowledge

      Contacts: find accounts on the device, read your contacts, modify your contacts

      Location: approximate location (network-based), precise location (GPS and network-based)

      SMS: read your text messages (SMS or MMS)

      Phone: read phone status and identity

      Photos / Media / Files: read the contents of your USB storage, modify or delete the contents of your USB storage

      Storage: read the contents of your USB storage, modify or delete the contents of your USB storage

      Camera:take pictures and videos

      Microphone: record audio

      Wi-Fi connection information: view Wi-Fi connections

      Device ID & call information: read phone status and identity

      Phone: directly call phone numbers, read phone status and identity

      Phone: read call log, read phone status and identity, write call log

      Identity: find accounts on the device

      Contacts: find accounts on the device

      Identity: find accounts on the device, add or remove accounts

      Other: download files without notification, receive data from Internet, adjust your wallpaper size, view network connections, create accounts and set passwords, read battery statistics, pair with Bluetooth devices, access Bluetooth settings, send sticky broadcast, change network connectivity, connect and disconnect from Wi-Fi, full network access, change your audio settings, read sync settings, run at startup, draw over other apps, control vibration, prevent device from sleeping, modify system settings, toggle sync on and off, install shortcuts, read Google service configuration,

      change network connectivity, reorder running apps, set wallpaper

      I believe that this is all permissions known to Android +/- one or two. So someone in their development team got lazy and decided that "if I am on a rooted phone I might as well just ask for everything at once".

    3. Anonymous Coward
      Anonymous Coward

      Re: Sorry, but it's a very poor sensationalist article

      Indeed, this is obviously clickbait low quality "journalism".

      The key paragraph missed out the very key word rooted (which means I applies to a miniscule percentage of devices).

      "For Android devices, the "superuser" classification would basically grant an app full access to the device.

      This needs the word rooted or modified to make it anything but click bait

      No wonder so many iPhone cretins have their tiny brains filled with so much Android misinformation, when they media spews it into their mouths.

    4. mark l 2 Silver badge

      Re: Sorry, but it's a very poor sensationalist article

      I rooted my phone so i could uninstall system apps that I could not remove by any other way, also rooting allowed me to install AFWall firewall app which allows me to control which apps can get access to the internet.

      A firewall apps should really come installed by default so i don't need to root to install one. I tried norootfirewall which worked well but would not work with tethering enabled

      1. GIRZiM

        Re: A firewall apps should really come installed by default

        The best non-root firewall I've found so far is NetPatch Firewall - the domain blocking is really useful for preventing ad-slinging networks from cluttering up my display.

        On a rooted phone it is, naturally, even more powerful.

    5. Chronos
      Facepalm

      Re: Sorry, but it's a very poor sensationalist article

      The takeaway from this article is that FB devs don't really know exactly which permissions they're asking for so they're taking the cluster bomb approach, as in ask for everything. Android permissions are granular for a very good reason and, on Lineage, they're thrust in your face at every opportunity to give you a choice if you have privacy guard enabled by default.

      One wonders just what other permissions they have "accidentally" requested on install if they can "overlook" a root request. Send premium texts? Activate the camera or mic? Dial 09 numbers?

      FB is looking more and more toxic by the second.

      . <- and that's the point

  13. The Boojum

    "We <del>do not</del> need <del>or</del> and want these permissions, and we have already fixed this issue to extend it to all Android phones. We apologize for any confusion,” Facebook commented.

  14. CommanderGalaxian
    Facepalm

    So Facebook's response is to shoot the messenger basically

    "...caused a small number of people running the Facebook app and certain permission management apps on rooted Android phones to see a request for additional access permissions..."

    How unfortunate that some people spotted those super user requests, if only every Android user had been a sheep...

    1. cd

      Re: So Facebook's response is to shoot the messenger basically

      Android users are electric sheep.

      1. Anonymous Coward
        Anonymous Coward

        Re: So Facebook's response is to shoot the messenger basically

        Dream of electric sheep (possibly).

  15. Joseph Haig

    Just don't use the app

    You can still use Facebook in the mobile browser and get most of the functionality. It will tell you that you need the app for viewing messages but that is a lie and they are accessible by using a non-standard browser such as Opera.

  16. Anonymous Coward
    Anonymous Coward

    PR manual needs update

    The proverbial "a small number of people were affected" is getting a bit tired.

  17. Jamie Jones Silver badge

    Conspiracy theories

    However much you hate facebook, they'd never do this intentionally... (Though, maybe a rogue person intent on causing them damage was the culprit?

    1. noboard

      Re: Conspiracy theories

      You really need a joke icon* with that comment.

      *As I can't see icons on any of the posts, my apologies if you have put one on.

  18. Wolfclaw

    Translation of FB press release, oh sh!t we got caught again trying to mine user details, quick come up with a lame bug excuse, say sorry, remove it and wait a few months for the world to forget before we introduce the next privacy invading feature.

  19. Anonymous Coward
    Anonymous Coward

    Lord Zuck is pushing his luck

    Your data he shall suck.

  20. Paul 195

    The Facebook app is a resource hogging PITA. I went back to using the mobile version of the website about a year before I finally quit using FB completely. There are very few mobile apps that couldn't be simply replaced by a decent website, and then you don't have to play security bingo while you try to work out whether all the permissions being requested are actually reasonable.

    1. Anonymous Coward
      Anonymous Coward

      Until those mobile websites are hacked and you get hit with drive-by attacks...

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like