Facebook’s bug bounty program seems an integral requirement in view of the plethora of bugs and glitches found in its platform leading to privacy breaches. Facebook has so far paid hefty bounties to bug bounty hunters reporting serious issues. Yet, the white hat hackers and bug hunters continued to face problems analyzing Facebook apps. Therefore, in an attempt to facilitate them, Facebook has announced the launch of dedicated ‘Whitehat Settings’.
Facebook Announced Whitehat Settings
In a recent post by Facebook authorities, the tech giant announced its plans to facilitate pentesters in their research. Allegedly, Facebook’s dedicated ‘Whitehat Settings’ will allow the security researchers to test Facebook apps feasibly.
As stated in their post, the new settings make it easier to analyze network traffic on Facebook mobile apps. Precisely, the bug hunters may use these settings to test Android apps for Facebook, Instagram, and Messenger.
Source: Facebook
Presently, these settings won’t work for iOS clients. The researchers can enable these settings via the main Facebook settings menu.
Besides, Facebook recommends disabling these settings when not required to avoid potential security problems.
Facebook To Facilitate Bug Hunters
Facebook stated that they took the decision considering the feedback received in response to their Whitehat survey. They found that the whitehat hackers used to face problems in analyzing mobile apps. Facebook stated that this happened due to the security measures they have employed, such as Certificate Pinning.
“These mechanisms are designed to raise the barrier of entry for an attacker seeking to break the integrity and confidentiality of the traffic sent from the client (user device) to the server (Facebook’s infrastructure).”
They explained that while such measures intruded the bad actors, they also made it harder for ethical hackers and bug hunters to test Facebook’s mobile apps for server-side vulnerabilities.
Ironically, Facebook made this announcement right after a weird confession regarding password security. As confessed by Facebook itself, they ‘mistakenly’ stored Facebook users’ passwords in plain text – something that violated Facebook’s practices, and that they patched later.
Nonetheless, Facebook has announced several major steps that seemingly contribute to user privacy. Earlier this month, Mark Zuckerberg shared his vision about social networking with privacy. In his detailed post, Zuckerberg revealed that they would rehaul Facebook’s platform to promote user security.