Connect with us

FACEBOOK

These Nine Android Apps May Have Stolen Your Facebook Login Information

Published

on

Illustration for article titled These Nine Android Apps May Have Stolen Your Facebook Login Information

Photo: Lionel Bonaventure (Getty Images)

Google has kicked nine Android apps with more than 5.8 million combined downloads off its Play Store after researchers discovered they contained malicious code used to steal users’ Facebook login credentials, according to the Russian anti-virus software firm Dr. Web.

As reported by Ars Technica, these trojan apps were designed to look and function like legitimate services for photo editing, exercising, clearing up storage space on your device, and providing daily horoscopes, Dr. Web’s malware analysts said in a post this week. In reality, this was all elaborate front to trick users into sharing their Facebook usernames and passwords.

Here’s how the scheme worked: Each offered users an option to unlock all the apps’ functions and get rid of in-app ads by logging into their Facebook accounts, which likely wouldn’t raise too many eyebrows since a lot of mobile services let you sync your social media accounts. Upon choosing this option, the apps would then load a legitimate Facebook login page containing fields for entering usernames and passwords. Whatever users typed into these forms would go directly to a computer controlled by the hackers, called a command-and-control server, via some cleverly concealed malicious code, Dr. Web researchers wrote:

Advertisement
free widgets for website

These trojans used a special mechanism to trick their victims. After receiving the necessary settings from one of the C&C servers upon launch, they loaded the legitimate Facebook web page https://www.facebook.com/login.php into WebView. Next, they loaded JavaScript received from the C&C server into the same WebView. This script was directly used to hijack the entered login credentials. After that, this JavaScript, using the methods provided through the JavascriptInterface annotation, passed stolen login and password to the trojan applications, which then transferred the data to the attackers’ C&C server. After the victim logged into their account, the trojans also stole cookies from the current authorization session. Those cookies were also sent to cybercriminals.

The analysts discovered 10 malicious trojan apps in total, nine of which were previously available on the Google Play Store. Two apps posing as photo editing services made up the most downloads by far: PIP Photo with over 5 million installations and Processing Photo with over 500,000. Three other apps had more than 100,000 downloads each.

If you downloaded any of the apps listed below, you should consider updating your Facebook login information immediately and check your other online accounts for fraudulent activity:

G/O Media may get a commission

  • Processing Photo
  • PIP Photo
  • Rubbish Cleaner
  • App Lock Keep
  • App Lock Manager
  • Lockit Master
  • Horoscope Pi
  • Horoscope Daily
  • Inwell Fitness

Analysts identified five malware variants hidden inside these apps: Android.PWS.Facebook.13, Android.PWS.Facebook.14, and Android.PWS.Facebook.15, which are native to Android apps, and Android.PWS.Facebook.17 and Android.PWS.Facebook.18, which use Google’s Flutter framework designed for cross-platform compatibility. Since they all use nearly identical methods, code, and file formats to steal user data, Dr. Web classifies all five as the same trojan.

All nine of these apps no longer appear in Play Store search results. A Google spokesperson told Ars Technica that the developers behind these apps have also been banned, thus prohibiting them from submitting new apps.

Advertisement
free widgets for website

Read More

See also  Allowing Users to Promote Stories as Ads (via Marketing API)
Continue Reading
Advertisement free widgets for website
Click to comment

Leave a Reply

Your email address will not be published.

FACEBOOK

Messenger Private Reply Updates for the Developer Community

Published

on

By

messenger-private-reply-updates-for-the-developer-community

Private Replies allows a business’ Facebook Page to send a single message to a person who published a post, who commented on a post or commented on the Page.

Support for Private Reply for Groups

In September, we extended this support for Facebook Groups, allowing businesses to be able to send private replies to a person who commented on their Page’s post in Facebook Groups.

How it Works

To send a private reply to a post or comment, send a POST request to the /PAGE-ID/messages endpoint with the recipient parameter set to the post_id or comment_id and the message parameter set to the message you wish to send.

The following example shows a reply to a post published on your Page by a customer:

Hi, I want to buy a gift for my nephew. Do you have any suggestions?

Advertisement
free widgets for website
  curl -X POST -H "Content-Type: application/json" -d '{     "recipient": {         "post_id": "PAGE-POST-ID"     },          "message": {       "attachment":{         "type":"template",         "payload":{           "template_type":"button",           "text":"Of course, what is your budget for the gift?",           "buttons":[               {                   "type": "postback",                   "title": "LESS THAN $20",                   "payload": "GIFT_BUDGET_20_PAYLOAD"               },               {                   "type": "postback",                   "title": "$20 TO $50",                   "payload": "GIFT_BUDGET_20_TO_50_PAYLOAD"               },               {                   "type": "postback",                   "title": "MORE THAN $50",                   "payload": "GIFT_BUDGET_50_PAYLOAD"               }           ]         }       }     } }' "https://graph.facebook.com//PAGE-ID/messages?access_token="

Triggers a Private Reply flow like this.

For more information, please review the below documents:

First seen at developers.facebook.com

See also  How to Interpret Webhook Components in the WhatsApp Business Platform
Continue Reading

FACEBOOK

Enabling developers to create innovative AIs on Messenger and WhatsApp

Published

on

By

enabling-developers-to-create-innovative-ais-on-messenger-and-whatsapp

Every week over 1 billion people connect with businesses on our messaging apps. Many of these conversations are made possible by the thousands of developers who build innovative and engaging experiences on Messenger, Instagram and WhatsApp.

Since opening access to our Llama family of large language models, we’ve seen lots of momentum and innovation with more than 30 million downloads to date. As our messaging services continue to evolve, we believe the technology from Llama and other generative AI models have the potential to enhance business messaging through more natural, conversational experiences.

At Connect Meta announced that developers will be able to build third-party AIs – a term we use to refer to our generative AI-powered assistants – for our messaging services.

We’re making it easy for any developer to get started, so we’re simplifying the developer onboarding process and providing access to APIs for AIs that make it possible to build new conversational experiences within our messaging apps.

All developers will be able to access the new onboarding experience and features on Messenger in the coming weeks. For WhatsApp, we’ll be opening a Beta program in November – if you’re interested in participating please sign up to the waitlist here to learn more.

Advertisement
free widgets for website

We’ll keep everyone updated as we make these tools available to more developers later this year. We look forward to your feedback and seeing what you create.

First seen at developers.facebook.com

See also  Facebook under fire for burying research into mental health impact | Financial Times
Continue Reading

FACEBOOK

Introducing Facebook Graph API v18.0 and Marketing API v18.0

Published

on

By

introducing-facebook-graph-api-v180-and-marketing-api-v18.0

Today, we are releasing Facebook Graph API v18.0 and Marketing API v18.0. As part of this release, we are highlighting changes below that we believe are relevant to parts of our developer community. These changes include announcements, product updates, and notifications on deprecations that we believe are relevant to your application(s)’ integration with our platform.

For a complete list of all changes and their details, please visit our changelog.

General Updates

Consolidation of Audience Location Status Options for Location Targeting

As previously announced in May 2023, we have consolidated Audience Location Status to our current default option of “People living in or recently in this location” when choosing the type of audience to reach within their Location Targeting selections. This update reflects a consolidation of other previously available options and removal of our “People traveling in this location” option.

We are making this change as part of our ongoing efforts to deliver more value to businesses, simplify our ads system, and streamline our targeting options in order to increase performance efficiency and remove options that have low usage.

This update will apply to new or duplicated campaigns. Existing campaigns created prior to launch will not be entered in this new experience unless they are in draft mode or duplicated.

Advertisement
free widgets for website

Add “add_security_recommendation” and “code_expiration_minutes” to WA Message Templates API

Earlier this year, we released WhatsApp’s authentication solution which enabled creating and sending authentication templates with native buttons and preset authentication messages. With the release of Graph API v18, we’re making improvements to the retrieval of authentication templates, making the end-to-end authentication template process easier for BSPs and businesses.

With Graph API v18, BSPs and businesses can have better visibility into preset authentication message template content after creation. Specifically, payloads will return preset content configuration options, in addition to the text used by WhatsApp. This improvement can enable BSPs and businesses to build “edit” UIs for authentication templates that can be constructed on top of the API.

See also  Upcoming Restriction Period for US ads about social issues, elections, or politics

Note that errors may occur when upgrading to Graph API v18 if BSPs or businesses are taking the entire response from the GET request and providing it back to the POST request to update templates. To resolve, the body/header/footer text fields should be dropped before passing back into the API.

Re-launching dev docs and changelogs for creating Call Ads

  • Facebook Reels Placement for Call Ads

    Meta is releasing the ability to deliver Call Ads through the Facebook Reels platform. Call ads allow users to call businesses in the moment of consideration when they view an ad, and help businesses drive more complex discussions with interested users. This is an opportunity for businesses to advertise with call ads based on peoples’ real-time behavior on Facebook. Under the Ad set Level within Ads Manager, businesses can choose to add “Facebook Reels” Under the Placements section.
  • Re-Launching Call Ads via API

    On September 12, 2023, we’re providing updated guidance on how to create Call Ads via the API. We are introducing documentation solely for Call Ads, so that 3P developers can more easily create Call Ads’ campaigns and know how to view insights about their ongoing call ad campaigns, including call-related metrics. In the future, we also plan to support Call Add-ons via our API platform. Developers should have access to the general permissions necessary to create general ads in order to create Call Ads via the API platform.

    Please refer to developer documentation for additional information.

Deprecations & Breaking Changes

Graph API changes for user granular permission feature

We are updating two graph API endpoints for WhatsAppBusinessAccount. These endpoints are as follows:

  • Retrieve message templates associated with WhatsAppBusiness Account
  • Retrieve phone numbers associated with WhatsAppBusiness Account

With v18, we are rolling out a new feature “user granular permission”. All existing users who are already added to WhatsAppBusinessAccount will be backfilled and will continue to have access (no impact).

The admin has the flexibility to change these permissions. If the admin changes the permission and removes access to view message templates or phone numbers for one of their users, that specific user will start getting an error message saying you do not have permission to view message templates or phone numbers on all versions v18 and older.

Advertisement
free widgets for website

Deprecate legacy metrics naming for IG Media and User Insights

Starting on September 12, Instagram will remove duplicative and legacy, insights metrics from the Instagram Graph API in order to share a single source of metrics to our developers.

This new upgrade reduces any confusion as well as increases the reliability and quality of our reporting.

After 90 days of this launch (i.e. December 11, 2023), we will remove all these duplicative and legacy insights metrics from the Instagram Graph API on all versions in order to be more consistent with the Instagram app.

We appreciate all the feedback that we’ve received from our developer community, and look forward to continuing to work together.

Please review the media insights and user insights developer documentation to learn more.

Advertisement
free widgets for website

Deprecate all Facebook Wi-Fi v1 and Facebook Wi-Fi v2 endpoints

Facebook Wi-Fi was designed to improve the experience of connecting to Wi-Fi hotspots at businesses. It allowed a merchant’s customers to get free Wi-Fi simply by checking in on Facebook. It also allowed merchants to control who could use their Wi-Fi and for how long, and integrated with ads to enable targeting to customers who had used the merchant’s Wi-Fi. This product was deprecated on June 12, 2023. As the partner notice period has ended, all endpoints used by Facebook Wi-Fi v1 and Facebook Wi-Fi v2 have been deprecated and removed.

API Version Deprecations:

As part of Facebook’s versioning schedule for Graph API and Marketing API, please note the upcoming deprecations:

Graph API

  • September 14, 2023: Graph API v11.0 will be deprecated and removed from the platform
  • February 8, 2024: Graph API v12.0 will be deprecated and removed from the platform
  • May 28, 2024: Graph API v13.0 will be deprecated and removed from the platform

Marketing API

  • September 20, 2023: Marketing API v14.0 will be deprecated and removed from the platform
  • September 20, 2023: Marketing API v15.0 will be deprecated and removed from the platform
  • February 06, 2024: Marketing API v16.0 will be deprecated and removed from the platform

To avoid disruption to your business, we recommend migrating all calls to the latest API version that launched today.

Facebook Platform SDK

As part of our 2-year deprecation schedule for Platform SDKs, please note the upcoming deprecations and sunsets:

  • October 2023: Facebook Platform SDK v11.0 or below will be sunset
  • February 2024: Facebook Platform SDK v12.0 or below will be sunset

First seen at developers.facebook.com

See also  Happy Easter Sunday 2021: Wishes, quotes, images for WhatsApp, Facebook, Instagram and ...
Continue Reading

Trending