Facebook Moments App Sends Your Images From Camera Roll With Facial Recognition


Facebook Moments App Sends Your Images From Camera Roll With Facial Recognition

Many people do not upload the photos from the camera rolls in their mobile devices because the process of syncing photos to the cloud, creating albums and sharing the albums with others can be a great privacy risk among users   ( we all know about the iCloud disaster ) .

A new photo-sharing application has been released by Facebook this week called Moments. This app utilizes facial recognition technology to tag and send your pictures from your private camera roll.

Facebook says the following regarding the Moment app :

“Syncing photos with the Moments app is a private way to give photos to friends and get the photos you didn’t take. Moments groups the photos on your phone based on when they were taken and, using facial recognition technology, which friends are in them. You can then privately sync those photos quickly and easily with specific friends.”
The use of facial recognition tools can prove to be a privacy disaster and  it has already created concerns about privacy issues and caused problems for Facebook.


In Europe, the launch of the app has been suspended indefinitely, precisely because of its facial recognition tool that allows your Facebook friends to be identified.

Read :   Bypass Facebook Link Detection


Many users are not happy with the Facial recognition  since every taken picture will automatically be sent to your Private folder present on the app. This means, you will have to take some extra steps to finally share it publicly.

 Here’s how it works:



Multiple Vulneribilities found in Whatsapp Web



Few days back whatsapp released its web client which is called as WhatsappWeb and as soon as it was released everyone was curoious to know if there exist some kind of bug in it. Even i was curious to know . So i tried a few thing and i got two bugs on it. And to my surprise my findings went viral. It got covered in almost by all the popular newspaper, online news portal. Few of them are : International Business Times , The Hacker News , The Assam Tribune , Infosecurity Magazine , etc. Even the popular British security analyst Graham Cluley  shared his valuable opinions about my findings in his blog.

So here are the two bugs that i discovered in the new WhatsappWeb.

Whatsapp photo privacy bug

Whatsapp gives us the option to hide our profile picture from others. Whatsapp offers 3 options a. everyone b. contacts c. nobody. If we set privacy to contacts only then only the people who are in our contact list can view our profile picture. But The new version of WhatsApp Web allows us to view a user’s profile image even if we are not on the contact list of that user. Even if the user has set the profile image privacy setting to "Contacts Only," the profile picture can be viewed by out of contacts people as well.

Here is the video demonstration :




As  Graham Cluley said in his blog , it’s not the most serious privacy breach that has ever occurred. But the fact of the matter is that WhatsApp users chose to keep their profile photos private, and their expectation is that WhatsApp will honour their choices and only allow their photos to be viewable by those who the user has approved.

WhatsApp Web Photo Sync Bug

Two weeks back when whatsapp released its web client called whatsappWeb they said that all the messages will be synced. Means if we send a message from our phone it will appear on the whatsappweb too and if we send a message from whatsappweb the message will appear in our mobile too. Now if we delete a message from mobile then the chats get refreshed in whatsappweb and the message that was deletes in the mobile gets deleted. But the same does not happen with photos. If we send a photo from our mobile it appears in our whatsappweb too and then when we delete the photo from our mobile , the photo appears blurred in our mobile as it is deleted but the same does not happen in whatsappweb. It does not get refreshed like the other time it did when user deletes a text. The photo is still accessible by Whatsapp Web as the photo does not get deleted from its web client, revealing the fact that mobile and web clients of the service are not synced properly.

Here is the video demonstration :


I have reported both the bugs to the whatsapp security team and they are now working on it. Since the WhatsappWeb is now in its initial stage so I suppose things are not well arranged but I hope in the coming days whatsapp patch its bugs and give us a secure and awesome messaging platform.