Facebook has announced the implementation of new settings to make it easier for white hat hackers to test the security of its mobile applications.
To protect Facebook users, the company's mobile apps implement security mechanisms such as certificate pinning, which ensures the integrity and confidentiality of the traffic sent from the user's device to Facebook servers.
While measures like certificate pinning improve the overall security of the platform, they make it harder for experts to test Facebook mobile apps for server-side security bugs.
Facebook has decided to introduce new settings that white hat hackers can change on their own accounts so that they can inspect network traffic associated with the Facebook, Messenger, and Instagram applications during testing sessions.
“Today we are pleased to announce that we heard the feedback and implemented a means for security researchers to analyze network traffic on Facebook, Messenger and Instagram Android applications on their own accounts for bug bounty purposes,” reads the announcement published by Facebook.
“We advise turning these settings off while not testing our website for security vulnerabilities.”
Once users have enabled the ‘Whitehat Settings,’ a button is displayed in the selected app’s menu and an alert appears at the top of the screen to warn that traffic may be monitored.
(SecurityAffairs – Facebook Whitehat settings, penetration testing)