Facebook has announced the implementation of new settings to make it easier for white hat hackers to test the security of its mobile applications.
To protect Facebook users, the company's mobile apps implement security mechanisms such as certificate pinning, which ensures the integrity and confidentiality of the traffic sent from the user's device to Facebook servers.
While measures like certificate pinning improve the overall security of the platform, they make it harder for experts to test Facebook mobile apps for server-side security bugs.
Facebook has decided to introduce new settings that white hat hackers can change on their own accounts so that they can inspect network traffic associated with the Facebook, Messenger, and Instagram applications during testing sessions.
“Today we are pleased to announce that we heard the feedback and implemented a means for security researchers to analyze network traffic on Facebook, Messenger and Instagram Android applications on their own accounts for bug bounty purposes,” reads the announcement published by Facebook.
“We advise turning these settings off while not testing our website for security vulnerabilities.”
Once a user has enabled the ‘Whitehat Settings,’ a button is displayed in the selected app’s menu, and an alert at the top of the screen warns that traffic may be monitored.
(SecurityAffairs – Facebook Whitehat settings, penetration testing)