
Revealed: Facebook Has Been Installing Root Level Backdoors on iPhones for Years

  • Last Updated:
  • Jan 31st, 2019 11:31 pm
[OP]
Deal Addict
Jan 16, 2015
2423 posts
1873 upvotes
Cochrane, AB


If you've ever installed, or got conned into installing, Facebook's Facebook Research or Onavo apps, consider all the information and passwords on your iPhone as stolen. It has now been revealed that Facebook has been recruiting kids and adults using fake shell companies to install the malicious Facebook Research app that actually installs a root level certificate onto your iPhone granting Facebook root level access to the phone where it grabs your emails, photos, full web traffic, etc... This certificate even lets it decrypt encrypted web traffic so all your passwords used on your iPhone have been uploaded to Facebook and are in plain text. Basically, you've pwned yourself and Facebook has the entire contents of your phone and more if you installed their malicious apps.

https://techcrunch.com/2019/01/29/faceb ... ect-atlas/
14 replies
Deal Addict
Jan 13, 2014
1441 posts
612 upvotes
Calgary
Now the question is whether this is happening to Android users too

Edit......
Since 2016, Facebook has been paying users ages 13 to 35 up to $20 per month plus referral fees to sell their privacy by installing the iOS or Android “Facebook Research” app.
Deal Guru
Jun 27, 2004
11701 posts
1394 upvotes
Vancouver.bc.ca
This is curious. Apple can make up rules on how to use their OS?
"... even at the risk of breaking the rules of Apple’s iOS platform on which it depends."
Deal Expert
Aug 22, 2006
24583 posts
10042 upvotes
rabbit wrote:
Jan 30th, 2019 2:05 am
This is curious. Apple can make up rules on how to use their OS?
Yup. Lots of hoops to jump through to be listed on the App store.
This isn't even an iOS problem. Android has the same rules.

Even using Google's services on Android requires a bunch of rule following.
Android itself is open source, but it basically doesn't include anything of use.
You have to follow guidelines in order to get the "full experience"

Now... once it's in the hands of the end user, all bets are off as in this case.
These apps weren't part of the play store. They were side loaded in so they didn't have to follow the rules.
Deal Guru
Aug 14, 2007
10019 posts
1375 upvotes
Toronto
Every time I hear something about Facebook it just makes me happy I don't use it
Deal Addict
Feb 12, 2008
3962 posts
115 upvotes
Toronto
XtremeModder wrote:
Jan 30th, 2019 2:45 pm
Every time I hear something about Facebook it just makes me happy I don't use it
+1. Glad I don't have an account. Useless IMO
Nothing to see here...keep looking.
Deal Guru
Jun 27, 2004
11701 posts
1394 upvotes
Vancouver.bc.ca
death_hawk wrote:
Jan 30th, 2019 3:26 am
Yup. Lots of hoops to jump through to be listed on the App store.
This isn't even an iOS problem. Android has the same rules.

...

Now... once it's in the hands of the end user, all bets are off as in this case.
These apps weren't part of the play store. They were side loaded in so they didn't have to follow the rules.
Yeah, app store rules I can understand. The way "they" wrote it sounded like even if Facebook offered an app via their own website, Apple can ban it somehow. Oh well, as an Android guy, it's not my problem :) . FOSS for the win.
Deal Addict
Jan 18, 2009
2253 posts
886 upvotes
Facebook is the mafia of the digital age. All hail Don Zuck.

Mafiosi of the '60s had a code about kids. Now, Facebook is all about deceiving and taking advantage of the young.
The first rule of Fight Club is: you do not talk about Usenet
Newbie
Nov 5, 2011
54 posts
11 upvotes
Wow, what a misleading thread title and post... People were paid and willingly installed this Facebook Research app, knowing exactly what info they were providing to Facebook. This is all explained in the article linked...

Yes Facebook can be sketchy as far as privacy goes, but you need to remember that what Facebook knows about you is what you willingly provide to them by using their services.
Deal Expert
Aug 22, 2006
24583 posts
10042 upvotes
reptile wrote:
Jan 31st, 2019 10:20 am
knowing exactly what info they were providing to Facebook
I mean... unless you're technically inclined, I wouldn't assume that 100% of data (even stuff that should be encrypted) was being sent there.
This is (supposed to be) market research, not NSA.

But it's Facebook: the 2nd place data mining so I'm not expecting any less.
Deal Expert
Mar 23, 2004
24805 posts
5076 upvotes
LOL Facebook and Crapple stuff. Sounds like a match made for the 60+ crowd :lol:

I dunno who else is fool enough to either have a fb account or buy Crapple garbaaaage.
[OP]
Deal Addict
Jan 16, 2015
2423 posts
1873 upvotes
Cochrane, AB
Looks like Apple was only spewing hot air and has no real intention of punishing Facebook. Apple restored Facebook's enterprise certificates 1 day after blocking them. Meaning that all the root level malware apps from Facebook will run again. Looks like Apple runs security theatre like the TSA runs airport screening.

https://www.theverge.com/2019/1/31/1820 ... ertificate
Deal Fanatic
May 9, 2009
5694 posts
1524 upvotes
Montreal
rabbit wrote:
Jan 30th, 2019 2:05 am
This is curious. Apple can make up rules on how to use their OS?
"... even at the risk of breaking the rules of Apple’s iOS platform on which it depends."
Of course it can. Specifically, in this case, Facebook has an enterprise certificate which allows them to bypass the App Store (and all its rules and checks) when installing test versions of apps or internal employee-only apps (for example, Facebook employees have an internal app that allows them to arrange rideshares). They wrongly used their enterprise certificate for this Facebook Research app.

Google was caught doing something similar and lost their enterprise certificate today too: https://www.theverge.com/2019/1/31/1820 ... ertificate
Deal Addict
Apr 5, 2016
3637 posts
2275 upvotes
Calgary/Vancouver
Zero1 wrote:
Jan 30th, 2019 3:18 pm
+1. Glad I don't have an account. Useless IMO
Facebook stocks are good though
Current Fido customer.
Ex Koodo customer.
