Whitehat settings allow white hat hackers to Test Facebook mobile apps

Pierluigi Paganini March 26, 2019

Facebook introduced new settings designed to make it easier for cyber experts to test the security of its mobile applications.

Facebook has announced the implementation of new settings to make it easier for white hat hackers to test the security of its mobile applications.

To protect Facebook users, the mobile apps of the company implement security mechanisms such as Certificate Pinning that ensures the integrity and confidentiality of the traffic sent from the user device to Facebook servers.

While measures like the certificate pinning improve the overall security of the platform, they make it harder for experts to test Facebook mobile apps for server-side security bugs.

Facebook has decided to introduce new settings that white hat hackers can change on their own accounts so that they can inspect network traffic associated with Facebook, Messenger. and Instagram applications during testing sessions.

“Today we are pleased to announce that we heard the feedback and implemented a means for security researchers to analyze network traffic on Facebook, Messenger and Instagram Android applications on their own accounts for bug bounty purposes.” reads the announcement published by Facebook.

“We advise turning these settings off while not testing our website for security vulnerabilities.”

Facebook settings

Security experts who want test security features of the Facebook mobile apps have to enable the “Whitehat settings” in the web-based version of Facebook and then in the mobile application.

Once the users have enabled the ‘Whitehat Settings,’ a button will be displayed in the selected app’s menu and an alert is displayed at the top of the screen to warn that traffic may be monitored.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – Facebook Whitehat settings, penetration testing)

[adrotate banner=”5″]

[adrotate banner=”13″]



you might also like

leave a comment