Today we heard that Facebook for iOS and Android can be exploited in a way that allows people with malicious intent to steal login information for the site. However, Facebook has said that the exploit only works when the OS has been modified in some way, such as by jailbreaking. It also works if an attacker is given physical access to the device, Ars reports.
Basically, according to Facebook, the user must have modified the OS for anything bad to happen. They told Ars that, “Facebook’s iOS and Android applications are only intended for use with the manufacturer provided operating system, and access tokens are only vulnerable if they have modified their mobile OS (i.e. jailbroken iOS or modded Android) or have granted a malicious actor access to the physical device.”
They added that they test the app “on an unmodified version of mobile operating systems and rely on the native protections as a foundation for development, deployment and security, all of which is compromised on a jailbroken device.”
Ars gets a bit more technical and explains how it works. You can check out their report here.