Deprecating support for FB Login authentication on Android embedded browsers
We’re seeing an increase in phishing attempts in Android embedded browsers (also known as web views), so as of August we will no longer support FB Login authentication in Android embedded browsers. Before this date, we will continue to block access to Facebook Login in embedded browsers for certain users who we consider to be high risk in order to prevent malicious activity.
If your app is currently showing Facebook Login in an embedded browser on Android, you should make sure that you are using the SDK, have updated to version 8.2 or higher, and have removed any overrides of the login behavior during login (i.e. using LoginBehavior.WEB_VIEW_ONLY). If your app uses version 8.2 or later of the SDK, we’ll authenticate the user through other methods, including options like sending a push notification to verify the user’s identity (also known as “passwordless flow”) or prompting the user to complete the login process in the Chrome browser (Chrome Custom Tabs) or the Facebook Android app (also known as Android App Switch). Not only are these alternative authentication methods a more secure option, but they also improve the user experience and increase conversion rates because the user no longer has to manually enter their password to log in.
Despite this approach, we may not be able to authenticate users using alternate methods. In that case, the user is prevented from signing in through an Android web view, and we recommend that they log in with a different device.
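One way to check an Android project against the two migration steps above (SDK version 8.2 or higher, no LoginBehavior.WEB_VIEW_ONLY override) is a small source audit. This is an added example, not code from the SDK or this announcement; it assumes the SDK is declared in Gradle under the `com.facebook.android:facebook-android-sdk` or `com.facebook.android:facebook-login` coordinates, and the sample inputs are constructed.

```python
import re
import sys
from pathlib import Path

MIN_VERSION = (8, 2)  # minimum SDK version named in the announcement
# Assumption: the SDK is pulled in under these Maven coordinates.
DEP_RE = re.compile(
    r"com\.facebook\.android:(?:facebook-android-sdk|facebook-login):([^'\"\s)]+)")
OVERRIDE_RE = re.compile(r"\bLoginBehavior\.WEB_VIEW_ONLY\b")
# Constructed sample inputs, not taken from any real project.
SAMPLE = {
    "app/build.gradle": "implementation 'com.facebook.android:facebook-login:8.1.0'",
    "Login.kt": "manager.setLoginBehavior(LoginBehavior.WEB_VIEW_ONLY)",
}


def parse_version(text):
    """Return (major, minor) for '8.1.0'; None for dynamic or variable versions."""
    m = re.match(r"(\d+)\.(\d+)", text)
    return (int(m.group(1)), int(m.group(2))) if m else None


def audit_text(name, text):
    """Return (file, line number, finding) tuples for one file's contents."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        if name.endswith((".gradle", ".gradle.kts")):
            for dep in DEP_RE.finditer(line):
                ver = parse_version(dep.group(1))
                if ver is None:
                    findings.append((name, no, "unresolved SDK version: " + dep.group(1)))
                elif ver < MIN_VERSION:
                    findings.append((name, no, "SDK below 8.2: " + dep.group(1)))
        elif name.endswith((".java", ".kt")) and OVERRIDE_RE.search(line):
            findings.append((name, no, "WEB_VIEW_ONLY login behavior override"))
    return findings


def audit_tree(root):
    """Audit every Gradle, Java and Kotlin file under a project directory."""
    return [f for p in Path(root).rglob("*")
            if p.is_file() and p.suffix in {".gradle", ".kts", ".java", ".kt"}
            for f in audit_text(str(p), p.read_text(errors="ignore"))]


if __name__ == "__main__":
    found = audit_tree(sys.argv[1]) if len(sys.argv) > 1 else [
        f for n, t in SAMPLE.items() for f in audit_text(n, t)]
    for name, no, msg in found:
        print(f"{name}:{no}: {msg}")
```

Versions the script cannot resolve statically (Gradle variables, dynamic ranges) are reported rather than assumed compliant, so they can be checked by hand.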
We value your partnership as we continue to invest in platform security.