As reported by ZDNet, a new security hole has been revealed in Facebook’s native mobile applications running on jailbroken or rooted devices. The flaw lets an attacker steal a user’s personal information, and it affects both Android and iOS, as discovered by developer Gareth Wright. The cause is that Facebook does not encrypt the credential it keeps on the device (the access token that keeps you logged in) but writes it to a plain-text file, which anyone with access to the filesystem of a jailbroken or rooted device can read. If your phone is not jailbroken or rooted, the risk is much lower: Google and Apple restrict access to the filesystem by default, so another app cannot simply read that file. It is not zero, however: an attacker who gets hold of the physical device, or who can modify its operating system, is in the same position as one on a jailbroken phone.
Facebook’s statement in response: Facebook’s iOS and Android applications are only intended for use with the manufacturer-provided operating system, and access tokens are only vulnerable if users have modified their mobile OS (i.e. jailbroken iOS or modded Android) or have granted a malicious actor access to the physical device. We develop and test our application on an unmodified version of mobile operating systems and rely on the native protections as a foundation for development, deployment and security, all of which is compromised on a jailbroken device. As Apple states, ‘unauthorized modification of iOS could allow hackers to steal personal information … or introduce malware or viruses.’ To protect themselves we recommend all users abstain from modifying their mobile OS to prevent any application instability or security issues.
It is worth noting that simply encrypting the stored token would not be a real fix on its own: the app would need a key on the device to decrypt it, and an attacker who can read the token file can usually read that key as well. The only alternative that removes the stored credential entirely is to force users to log in every time they launch the Facebook application, although that is not a favored solution either.
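The problem described above, a credential sitting in a readable preferences file, is easy to check for once you have pulled an app’s sandbox off a device. The script below is an added example written for this article; it is not Facebook’s code and was not part of the original report. It parses an iOS property list (binary or XML) and an Android SharedPreferences XML file and flags entries whose key name or value looks like a credential. The file contents, paths and key names are constructed samples, not real data from any app.

```python
"""Scan iOS plist and Android SharedPreferences XML files for plaintext credentials.

Added example, not from the original article or from the Facebook app.
All file contents below are constructed samples.
"""
import plistlib
import re
import xml.etree.ElementTree as ET

# Key names that commonly hold credentials worth flagging.
SUSPICIOUS_KEY = re.compile(r"(token|secret|password|passwd|session|credential)", re.I)
# Long opaque strings in a base64/url-safe alphabet are typical of bearer tokens.
OPAQUE_VALUE = re.compile(r"^[A-Za-z0-9_\-\.]{32,}$")


def _flag(path, key, value):
    """Return a finding dict if the key name or value looks like a credential."""
    reasons = []
    if SUSPICIOUS_KEY.search(key):
        reasons.append("key name")
    if isinstance(value, str) and OPAQUE_VALUE.match(value):
        reasons.append("opaque value")
    if reasons:
        return {"file": path, "key": key, "reason": ", ".join(reasons)}
    return None


def scan_plist(path, data):
    """Walk a property list (binary or XML) and flag suspect leaf entries."""
    findings = []

    def walk(prefix, obj):
        if isinstance(obj, dict):
            for k, v in obj.items():
                walk(prefix + str(k) + "/", v)
        elif isinstance(obj, list):
            for i, v in enumerate(obj):
                walk(prefix + str(i) + "/", v)
        else:
            hit = _flag(path, prefix.rstrip("/"), obj)
            if hit:
                findings.append(hit)

    walk("", plistlib.loads(data))
    return findings


def scan_shared_prefs(path, data):
    """Flag suspect entries in an Android SharedPreferences <map> file."""
    findings = []
    for elem in ET.fromstring(data):
        # <string name="k">value</string> keeps the value as text;
        # <boolean name="k" value="true"/> keeps it in an attribute.
        key = elem.get("name", "")
        value = elem.text if elem.text is not None else elem.get("value", "")
        hit = _flag(path, key, value)
        if hit:
            findings.append(hit)
    return findings


def scan_sandbox(files):
    """files: {relative path: bytes}. Dispatch on file type and collect findings."""
    findings = []
    for path, data in files.items():
        if path.endswith(".plist"):
            findings.extend(scan_plist(path, data))
        elif path.endswith(".xml"):
            findings.extend(scan_shared_prefs(path, data))
    return findings


# Constructed sample files (hypothetical app id, hypothetical token values).
SAMPLE_PLIST = plistlib.dumps(
    {
        "app_version": "4.1",
        "user": {"id": 100000123, "name": "Example User"},
        "access_token": "AAAC" + "x" * 60,  # constructed, not a real token
    },
    fmt=plistlib.FMT_BINARY,
)

SAMPLE_SHARED_PREFS = b"""<?xml version='1.0' encoding='utf-8' standalone='yes' ?>
<map>
    <string name="last_sync">2012-04-05</string>
    <boolean name="notifications" value="true" />
    <string name="session_key">d41d8cd98f00b204e9800998ecf8427e9a1b2c3d4e5f60718293a4b5c6d7e8f9</string>
</map>
"""


def demo():
    """Run the scan over the constructed sandbox and return the findings."""
    return scan_sandbox(
        {
            "Library/Preferences/com.example.app.plist": SAMPLE_PLIST,
            "shared_prefs/com.example.app_preferences.xml": SAMPLE_SHARED_PREFS,
        }
    )


if __name__ == "__main__":
    for f in demo():
        print(f"{f['file']}: {f['key']} ({f['reason']})")
```

The heuristics are deliberately loose: the point of the check is to surface anything credential-like for a human to look at, not to recognise a specific token format. Note that an encrypted token would pass this scan while its decryption key, stored in the same sandbox, would not; that is the practical reason encryption with an on-device key adds little against an attacker who already has filesystem access.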