Facebook is working today to fix a major mobile security flaw that was recently discovered by MyPermissions, an Israel-based startup.
MyPermissions chief executive officer and cofounder, Olivier Amar, discovered the security flaw when his software team was running stress tests on Facebook’s mobile applications.
According to VentureBeat, Amar’s engineers found they were unable to remove apps they had downloaded — and couldn’t actually disconnect those apps’ permissions from the social networking site. According to Amar, “What we found is that Facebook could not shut down any of their systems with the software script we were using.”
After discovering the issue MyPermissions engineers stayed awake for two days as they “frantically” worked with Facebook’s “white hat” squad to diagnose and possibly help fix the issue.
On the MyPermissions blog they write that the flaw allows app makers to “make it impossible for you to revoke an app’s permission to access your information.”
Engineers at MyPermissions created the script which forces an error screen when someone tries to revoke app access.
At this time Facebook says they have not been able to verify the validity of the claim. MyPermissions handed over only part of their script to the social networks core group of engineers.
According to Facebook engineers, they hope to have the problem fixed by the end of day.