Facebook security flaw?

Posted in iPhone, edited June 2015

I received a Facebook message notification (text displayed on my iPhone lock screen) even while signed out of Facebook completely on my iPhone. This seems like a major security hole to me. What if I had sold the phone to someone else? Are they going to get my Facebook messages now?

Here's what happened:

  1. Signed out of Facebook on my iPhone in iOS 8 through Settings.

  2. Signed out of the Facebook app.

  3. Messenger didn't allow me to sign out, so I deleted the app completely. I then re-downloaded Messenger from the App Store.

  4. Signed out of Pages (Facebook's app for managing pages).

  5. The main Facebook app still showed my email address in the sign-in field with no apparent way to delete it, so I deleted that app and re-downloaded it from the App Store.

  6. At this point, I was completely signed out of all Facebook-related apps on my iPhone. I subsequently received a message from a friend, and I got a notification on my iPhone lock screen which included the text of the message. Because I was signed out of every Facebook app on my iPhone, nothing from my account should be accessible on that phone without first signing in again. Again, what if I had given away the device or sold it? I realize I should wipe it (and would do so), but it seems like this would still happen. There's no reason to think it wouldn't.

I don't buy the explanation that I should go into my Facebook account and kill all my sessions from there. I shouldn't have to do that if I signed out on my phone. No average user would think to do that. This is a problem Facebook needs to address, or have I missed something?
