Aran Khanna, a Harvard University student, discovered a flaw that could sense and give the geolocations of your friends on the Facebook messenger.
His application, called Marauder’s Map, was a Chrome extension that used data from Facebook Messenger to map where users were when they sent messages. The app also showed the locations, which were accurate to within three feet, in a group chat with people he barely knew. That meant complete strangers could hypothetically see that he had messaged them from a Starbucks around the corner, while he could see that they had messaged from their dorms.
Khanna went through his chat history he found that a location is attached to each message he has sent and received from his device. Also, the location is shared with the ‘power of default’ even if you choose to turn the location sharing option off.
“The latitude and longitude coordinates of the message locations have more than five decimal places of precision, making it possible to pinpoint the sender’s location to less than a meter” as said by Khanna.
He even demonstrated the findings by putting himself into the picture, i.e. he started a conversation with one of his brother’s friend and could tell exactly where he was in his dorm and the exact location of his room!
The code was apparently written in on purpose to aid intelligence agency to locate people of interest.
You can imagine the suspect be tracked as he/she walks along and interacts with others. As we shown in other posts, they can go back in times to see which phone was there.