Why you shouldn’t use Facebook login for your app

Facebook’s iOS SDK for Facebook login has a security flaw. Facebook claims that this is by design and that it’s for the user experience.

They think it’s not a problem. Others think it is. The workarounds suggested on some of the linked pages no longer work.

Here’s the problem:
1. You log in with your Facebook profile in an iOS application (I guess it’s the same for Android as well).
2. You use the app, then later decide that you want to log out, so you click log out.
3. If you (or somebody else) later try to log in again, no password will be asked for. You will be logged in automatically. Without a password.

Without a password. So even though you’ve logged out from the app, you (or anyone having access to your phone or tablet) will be logged in without a password again.

So if you want to use Facebook login for your app’s security — don’t! It’s not secure. By design.

What do you think: am I overreacting, or is this a security hole?