On iOS, if you have the Facebook application installed, the Facebook Login user journey opens the actual Facebook application. If you don’t have it installed, it will open the Facebook website in Safari. In both cases, assuming you are an active user of Facebook, you will already be logged in.
If it’s a fake OAuth screen? The first tip-off, assuming you use the application, is that it didn’t open the application. The second tip-off, in either case, is that it’s prompting you to log in. You can verify that you are logging directly into Facebook by going back to the home screen (which is not something an application can intercept), and re-opening Safari or the native application. If you were really in Safari / the Facebook application beforehand, it will come back to the same screen. Then you can check the URL to ensure you are on Facebook if you are in Safari.
As far as I am aware, it’s never "impossible to know". However it may be difficult for the average user to know how to determine this. For the average user, the rule of thumb "never log in to Facebook if a different application opened the Facebook login screen; only log in to Facebook if you opened the native application yourself or typed the website address yourself" is adequate.
It’s also worth mentioning that most password managers will pay attention to the domain, and there’s also a mechanism for this for native applications on iOS. So the password manager not auto-filling is another red flag.
>On iOS, if you have the Facebook application installed, the Facebook Login user journey opens the actual Facebook application. If you don’t have it installed, it will open the Facebook website in Safari.
Can someone else confirm this?
Those authentication screens are scary.
With a web browser, I can at least scrutinize the URL.
If you have any doubt as to whether you are in the legitimate Facebook application or not, return to the home screen and open Facebook from the icon on your home screen.
Bu really, the tip-off is the login prompt. Unless it’s the first time using the Facebook application on this device, you would normally be already logged in and it shouldn’t be prompting you to log in to Facebook.
I was looking for an android app to make my phone contacts on Outlook available on my phone.
The official app screws up with my share menu. I'd see one set of share targets and just before I hit my choice, outlook will place two contacts at the top. And this causes the remaining to rearrange.
Got pissed and uninstalled it. And I don't want to copy my contacts over to gmail.
I tried two contact apps and they both open a login screen - typing my password both times raised alarms in my head. Neither app worked. And couldn't risk trying more apps. Gave up and reinstalled the official outlook.
If it’s a fake OAuth screen? The first tip-off, assuming you use the application, is that it didn’t open the application. The second tip-off, in either case, is that it’s prompting you to log in. You can verify that you are logging directly into Facebook by going back to the home screen (which is not something an application can intercept), and re-opening Safari or the native application. If you were really in Safari / the Facebook application beforehand, it will come back to the same screen. Then you can check the URL to ensure you are on Facebook if you are in Safari.
As far as I am aware, it’s never "impossible to know". However it may be difficult for the average user to know how to determine this. For the average user, the rule of thumb "never log in to Facebook if a different application opened the Facebook login screen; only log in to Facebook if you opened the native application yourself or typed the website address yourself" is adequate.
It’s also worth mentioning that most password managers will pay attention to the domain, and there’s also a mechanism for this for native applications on iOS. So the password manager not auto-filling is another red flag.