Facebook App Caught Asking for Superuser Root Access Permission

This past week, Facebook app users worldwide started reporting a strange issue: the Facebook app for Android was suddenly requesting superuser permissions – also known as root access.

Some described the issue as a “conspiracy”. Facebook, with root access, would have massive control over the user’s device and the data within the device.

In reality, the issue seems to be a problem within a new service used by Facebook within its app, and the issue has been entirely overblown.

Facebook has also been embroiled in an ongoing crisis over how it manages user data. Facebook has faced criticism for selling user data to private companies worldwide, for example, with little input from users over how that data is used.

That’s why many Android users were concerned about Facebook suddenly requesting root access.

According to reports, Facebook requested superuser permissions immediately upon opening the Facebook app on a rooted Android device.

The issue appeared to exclusively occur on rooted Android devices. Android apps, generally speaking, can’t get root access just because they want root access. Instead, you need to root your Android device first – like by using One Click Root or similar software. Then, you need to install a superuser management tool – an app that manages root access across other apps. SuperSU is one popular option while Magisk is another.

After rooting Android and installing a superuser management app, that’s when things got weird: reports started appearing online of Magisk pop-ups within the Facebook app.

Basically, rooted Android users would open their Facebook app as normal, then see a request from Magisk. Facebook was requesting superuser or root access to the device.

The issue was spotted and reported online by Android security researcher Nikolaos Chrysaidos, who shared the following tweet with the internet:

His tweet was echoed by responses from across the rooted Android community. Other users reported seeing the superuser request after updating to the latest version of the Facebook Android app.

Why does Facebook need root access? Users who chose to accept the superuser request were unable to spot a difference between non-rooted Facebook and rooted Facebook. The app seemed to function the same whether you accepted or denied its request for root privileges.

Why Does Facebook Need Root Access?

First of all, let’s clear something up: Facebook does not need root access. Facebook does not appear to change its behavior in any way with or without root access. There’s no reason to give root access to Facebook, and you don’t enjoy any benefits by granting superuser access to Facebook.

So why is Facebook requesting root access on certain devices? Is Facebook attempting to identify rooted Android users? Are they trying to harvest data from rooted Android users? Is this part of some vast global conspiracy theory?

Instead, Chrysaidos – the Android security who originally reported the issue on Twitter – believes the culprit is a service called WhiteOps. Facebook recently integrated WhiteOps into its app. WhiteOps is designed to identify shady postings connected to fake news websites:

“The only place inside the x amount of dex files in Facebook app that it does a check that produces the “SuperUser Request” dialog is in the WhiteOps SDK,” explained Chrysaidos on Twitter.

“Along with other various checks. Facebook is probably integrating WhiteOps SDK and they forgot to re-implement the ROOT checking functionality.”

How to Avoid Granting Root Access to Facebook

Ultimately, this whole issue seems to be overblown.

However, if you want to prevent (or, for whatever reason, allow) root access for Facebook, you can do so by updating your Facebook app to the latest version. Then, open the app on a rooted device with a superuser permissions app like SuperSU or Magisk installed. From there, just accept or deny Facebook’s superuser permissions.

Given Facebook’s history with user data and overstepping boundaries, it’s understandable why the Android community was rattled by this latest development. However, the Facebook root access conspiracy theory seems to be entirely overblown. Move along.