Facebook SDK Issue Again Causing Numerous iOS Apps to Crash or Freeze

[robinp]

This was a very helpful article. I was puzzled as to why my Ubiquiti Amplifi wifi management app was failing to load. Then I saw this.

Much to my surprise that Facebook has anything to do with the management of my home wifi. I'm now on to Ubiquiti about why on earth Facebook APIs are required at all. I do not use Facebook and do not want them involved in my wifi network.

Beware!

 

[TiggrToo]

It hides my IP and the onion browser does not contain my other cookies that safari would its a blank slate each time. Even the geo location section under security cant give you a location. Its a million times better than Safari. Im also not hiding my name I use most of my real information im more concerned about ip location tracking since I work in a lot of secure locations. China and Russia are in my threat model unlike the average person.

Ten buys you a dozen though that the moment you log in to FB that way they’ve then connected all the dots and still tracking everything you do, including your penchant for using Onion browsers etc.

10 points for using an Onion browser.
-1B points for then logging on to FaceBook with it.

Sure you’ve ticked the anonymous box, however the pseudoanonymous checkbox is wide open.

 

[robinp]

Video demonstrating the crash while trying to open Waze. It's a bit odd that the app remains open despite crashing...

Exactly like that with the Amplifi app.

 

[supremedesigner]

That is insane. Wondered why they do this? Maybe lonely rookie programmer is behind this?

 

[Henk Poley]

I once found code that looks like this issue in a website's main index.php:

if (!$x = file_get_contents('https://api.facebook.com')) {
    exit;
}

Facebook is likely doing something similar to this.

The crashlog says it's SIGABRT. So something is literally calling abort(). It is exactly like your code.

 

[adrianlondon]

People who still use Facebook for anything -> 🤡

The app will still crash on launch, as the developers want the api to load even if you're not going to use it. They probably use it to track you, and send/get advertising data, anyway.

 

[riverfreak]

The most useful things I learned in high school:

1. Don’t use Facebook.

2. If you must, don’t ever install the Facebook app on your mobile device.

3. Install only the most essential apps on your mobile device, in particular omitting adware and/or those that have enabled sideloaded tracking by implementing login with Facebook.

4. Life moves pretty fast. If you don’t stop and look around once in awhile, you might miss it. Oh wait...

 

[Toratek]

I can think of no earthly reason why anyone would put the FB app on their phone. Might as well leave your front door and safe wide open 24-7.

 

[adrianlondon]

I can think of no earthly reason why anyone would put the FB app on their phone. Might as well leave your front door and safe wide open 24-7.

This issue isn't related to any Facebook app on your phone.

 

[robinp]

The most useful things I learned in high school:

1. Don’t use Facebook.

2. If you must, don’t ever install the Facebook app on your mobile device.

3. Install only the most essential apps on your mobile device, in particular omitting adware and/or those that have enabled sideloaded tracking by implementing login with Facebook.

4. Life moves pretty fast. If you don’t stop and look around once in awhile, you might miss it. Oh wait...

I can think of no earthly reason why anyone would put the FB app on their phone. Might as well leave your front door and safe wide open 24-7.

This is not about the Facebook app. It is about other apps that make use of the Facebook API. Often you don't even know you have them. I didn't.

I bet you have an app that uses it and you don't even know.

 

[Unggoy Murderer]

It hides my IP and the onion browser does not contain my other cookies that safari would its a blank slate each time. Even the geo location section under security cant give you a location. Its a million times better than Safari. Im also not hiding my name I use most of my real information im more concerned about ip location tracking since I work in a lot of secure locations. China and Russia are in my threat model unlike the average person.

If you were even remotely concerned about location tracking, you wouldn't be using Facebook at all. These platforms will go to extreme lengths to figure out who you are, Tor will make it a bit more challenging, but they'll have who you are on the surface web down pretty solid. It's not just cookies that Facebook relies on - I can think of at least 20 different ways they could be tracking people down to a high degree of certainty.

 

[ghanwani]

Whatsapp appears to be buggy too. Many times, I cannot hang up when I'm in a whatsapp call--only the other party can do it. Yesterday my phone started ringing like I was getting a call but there was no caller notification screen so I had no idea who was calling and there was no way to accept or reject the call. Eventually it stopped ringing. I found out who the caller was only because they followed up with a text message.

 

[ViDeOmAnCiNi]

damn.. I wondered why Waze just force closed over and over this morning. After I got to work it seemed to run OK so maybe Fakebook already fixed the issue?

 

[Rogifan]

If you are logging in w Facebook you are doing it wrong (I expect the app developer is getting a kickback from FB for offering this button) as you are making it easier for FB to track you.

secondly, if the app developer isn’t offering you sign in with Apple you need to wonder why the developer wants to know about you, how are they monetizing you?

finally, if you are still using Facebook you are enabling a Sociopathic megalomaniac to generate profit while damaging society and you should consider deleting Facebook.

There are some games where the only way you can play with other people you know is if you’re logged in via Facebook. I wish Apple would incentivize developers to use sign on with Apple instead.

 

[riverfreak]

This is not about the Facebook app. It is about other apps that make use of the Facebook API. Often you don't even know you have them. I didn't.

I bet you have an app that uses it and you don't even know.

Understood. See point 3.

At any rate, that’s a bet you would lose. I have two non-stock apps on my phone. Guess what they are.

 

[Analog Kid]

Move fast and break things...

 

[gnasher729]

That’s what they get for adding this spyware to their apps. Apple should reject apps that include all those Spyware SDKs in the first place

It's totally independent of "spyware" or no spyware. Anyone writing spyware with an ounce of intelligence would make sure that their spyware doesn't cause crashes - because crashing spyware cannot spy anymore.

The last time FaceTime caused problems like this, it was caused by a change on their servers, combined by client software that must have been written by an imbecile. (Admittedly if you check out sites like stackoverflow.com, there are many of them and probably a few of them hired at Facebook).
[automerge]1594392106[/automerge]

I was freaking out. I had to drive to work without GPS this morning. I thought something had failed or gotten corrupted in my new iPhone SE. Glad that I'm not the only one.

Next time use Apple Maps.
[automerge]1594392203[/automerge]

Move fast and break things...

New rule at Facebook headquarters: Don't run while holding scissors.

 

[C DM]

Only use FB in iOS Safari. No app installed.

People who still use Facebook for anything -> 🤡

I can think of no earthly reason why anyone would put the FB app on their phone. Might as well leave your front door and safe wide open 24-7.

This isn't related to the Facebook app or using Facebook.

 

[Adreitz]

FYI, the Facebook issue tracker linked in the article now says that the issue has been resolved as of 22 minutes ago.

 

[Puppuccino]

I really do wish Facebook would just close down already. I know another network would takes it place, but at least a fresh start people could re-evaluate how they use social media.

 

[twistedpixel8]

If you are logging in w Facebook you are doing it wrong (I expect the app developer is getting a kickback from FB for offering this button) as you are making it easier for FB to track you.

secondly, if the app developer isn’t offering you sign in with Apple you need to wonder why the developer wants to know about you, how are they monetizing you?

finally, if you are still using Facebook you are enabling a Sociopathic megalomaniac to generate profit while damaging society and you should consider deleting Facebook.

Mine was crashing and I don’t log in with FB. In fact I haven’t used FB in years. It was simply the inclusion of the FB SDK that caused this which is worrying and hopefully a wake up call to developers to stop assuming other people’s **** works.

 

[ipedro]

This is why I started this thread:

How Apple can help kill Facebook

Facebook has grown very problematic in recent years, having gone from a benign friends aggregator to a monolith literally capable of destroying democracy as we know it. My intention for this thread isn't to politicize the topic. After all, whether you're conservative or liberal, we all value...

forums.macrumors.com

Sign In With Apple and Safari privacy features are cutting off Facebook’s revenue model. I wish Apple would just ramp up the effort to Sherlock Facebook by introducing all of its popular features in many little social features spread around iOS.

 

[Airforcekid]

If you were even remotely concerned about location tracking, you wouldn't be using Facebook at all. These platforms will go to extreme lengths to figure out who you are, Tor will make it a bit more challenging, but they'll have who you are on the surface web down pretty solid. It's not just cookies that Facebook relies on - I can think of at least 20 different ways they could be tracking people down to a high degree of certainty.

I work in Us Cybercom im very aware of the various ways I can track a traget across devices its basically my job. Id still argue on a personnel Ios device where you block Facebook at the DNS level and use the onion browser your fairly safe enough so where the benefits outweigh the cost. I seriously doubt they go to the same lengths state actors do to determine the location of an onion user the time,effort and computational power needed would undo any profit brought in by feeding me accurate ads based on my location. Whats honestly easier would be linking my trusted traveler ID to my account and tracking my flights or utilizing the agreements they have with state governments to track my cars license plate on interstates. Both of which I know they do since I collaberate with them from time to time on domestic incidents. Tor isn't the weak point living a life is and even if I delete the account they will just keep a shadow one on me.

 

[longofest]

Makes you wonder how these massive organizations have allowed their apps to be developed with a hard coupling to a third party API that doesn’t catch exceptions from the API elegantly.

These issues should have been caught in testing prior to any release.

The issue is almost certainly a Facebook cloud service that is unreachable, down, or in a state that then leads to an exception in the facebook SDK. If the facebook cloud services are always up during integration testing, then how would those companies know?

This is really on Facebook. SDK vendors should not provide an SDK that, if a dependent resource is down, it then crashes the host app. It's really bad form. It's on the SDK vendor to degrade gracefully.

 

[luvbug]

If you stay away from FB, you avoid a *lot* of problems; the proverbial "rat hole", for sure.