Facebook's Android app update is a malware gateway … – Geek.com
One of the great and terrible things about Android is the level of control that is available to the user. Your smartphone is as secure as you are, and as long as you don’t go poking around in thing you don’t understand you’ll be fine. Facebook’s most recent update upsets this general rule, and the end result could be disastrous.
The easiest way to keep your Android smartphone safe is to use it with the out-of-the-box settings — there are plenty of ways you can leave yourself vulnerable to attacks on Android if you do anything else. Rooting your phone can expose you to software attacks, but that usually requires a fair bit of know how. The Android software utilities include the ability to install apps from unknown sources. This feature is great for installing apps that are being beta tested, or apps that aren’t available in the Google Play Store. Facebook has decided to take advantage of this ability through an update to their app.
Facebook’s Android app is pushing an update that bears an oddly technical message. The app explains that you will be able to download new updates as they are available right through the app. The language is a little funny, prompting you to install the latest build, and Facebook has such confidence in their app’s ability to deliver the download that there’s a retry button just in case. This update happens over WiFi, which Facebook touts is a feature for some reason. There are two big issues with this method of updating that have nasty implications for Android users.
The first issue is a fight between Google and Facebook, which may cause the app to be removed from the Play Store at some point. Google has a check system that verifies apps that are installed through their service are only accessing the parts of your phone that you have given permission to access. This goes back to Facebook’s behavior in the past, where they have grabbed contact data from Android phones but refused to share their data back with Android.
The second issue, and perhaps the most significant, is how the app updates are installed. Users will need to have the ability to install software from unverified sources.
In order to safely use this feature, users would need to allow the phone to install from unknown sources manually and then disable the feature after the app was updated. Otherwise, any app could be installed without permission and without the user knowing.
The single greatest infection point for most phones is this feature, which is why it is hidden in the Android menu system and is always off by default on every phone that has been sold. To put users in a situation that requires that option to be enabled for something as commonplace as Facebook is incredibly dangerous.
Read this article: Facebook's Android app update is a malware gateway … – Geek.com