• Sensei-Banner-Customer-Acquisition6
  • Sensei-Banner-Customer-Development5
  • Sensei-Banner-Customer-Relationship5
  • Sensei-Banner-Influence-Marketing5
  • Sensei-Banner-Influence-Marketing-Book4 (2)

Facebook to Fix Security Issue in iOS App

computer bugFacebook has announced that it will soon be publishing an update to its iOS app, which will fix a flaw in the program that allows phone calls to be made without the user’s knowledge or consent.

So, the downloading and use of a Facebook App could create security threats? Who’d have thunk it? Oh, wait…I could, and did.  Last December I posted an article calling out the Android permission settings on the Facebook Messenger app and others like it. I highlighted the threat that the “without your permission” stipulation, among others, could open the door for malicious third party software or hackers to gain access to your smart phone.

The article created quite a stir when it went viral last month when Facebook began removing the IM function from within its social networking app. For the most part, readers shared my concern; however, a select group of self-proclaimed tech geeks suggested that I was misinforming people and that I was just paranoid. Others pointed to the fact that the permission settings were specific to Android and that the sandboxing offered on Apple’s iOS would prevent such unauthorized access from occurring.

Was I just paranoid?

Are security issues only possible on Android apps thanks to the manner in which it manages permission settings? Well, earlier this week Andrei Neculaesei, a developer at Copenhagen-based Airtame, discovered a dangerous bug in the Facebook iOS app’s programming that might cause potentially expensive calls to be made with your iPhone, without requesting your permission.

Neculaesei shares how the bug works on his blog where he explains that there’s a potential for your iPhone’s calling function to be hijacked when you click on a web link. He calls the bug “some sneaky-beaky-like JavaScript,” which makes the links embedded in websites click themselves.

The threat could be even bigger. Neculaesei predicts that the vulnerability in theses apps could automatically transmit a video feed to attackers when clicking on a link within Facetime, for example. Facebook has announced that it has already developed an update to address the security threat; however, a release date has yet to be listed as of the date of this post.

Are We Right to be Paranoid?

My security concerns over our increasing use of mobile apps, for which we rarely read the permission settings or terms of service, were met with harsh criticism by some who said I was wearing a tinfoil hat and breeding paranoia.

I hate to say “I told you so” but, well, there it is. One of the potential threats I feared has come to life.

Will there be others? Of course there will.

Should you delete all your mobile apps? Of course not.

What we should do is start taking the time to read the fine print before we download apps that request access to our phone’s data and functionality, and really consider if the app’s utility is worth the potential security risks that may come with using it.

Next, we must put more pressure on app manufacturers to be clearer and more specific about how and why they need to access certain data and functions on our phones, and offer limitations on how that data will used once collected. Finally, we must start to insist that they add greater safeguards to protect our data or we’ll stop downloading them.

As developers and marketers of mobile apps, why not take the lead? Put the customer first, see what that does for your bottom line.

Sensei Debates

Are you at all concerned about the increased threat posed by the permission settings and/or terms of use we accept when downloading modern apps?

SamFiorella
Feed your Community, Not Your Ego

Image Credit: ITPro
A version of this post was originally written for Sam’s HuffPo column

8356

Join the Conversation

1 comments
AmyVernon
AmyVernon 5pts

One of the things I found frustrating in the people who were pooh-poohing any security concerns was this fact - that even if these did not pose any security threats, people need to be more aware of the permissions they're giving. And just because a certain permission is needed to do something, it doesn't mean that's the only way it will or can be used.

I have chosen to give permissions to certain apps, some of which are due to my assessment of the company in question. 

Also: Just because you're paranoid doesn't mean no one's out to get you. ;)

Trackbacks

  1. […] Facebook to Fix Security Issue in iOS App – Are you at all concerned about the increased threat posed by the permission settings we accept?  […]


Show Buttons
Share On Facebook
Share On Twitter
Share On Google Plus
Share On Linkdin
Share On Stumbleupon
Hide Buttons