GitShow/facebook/facebook-android-sdk
facebook

facebook-android-sdk

Used to integrate Android apps with Facebook Platform.

by facebook
Star on GitHubForkWebsite

Kotlin

6.4k stars3.7k forks247 contributorsActive · 1d agoSince 2010sdk-version-18.3.0

Meet the team

See all 247 on GitHub →
jingping2015
jingping2015271 contributions
KylinChang
KylinChang156 contributions
jawwad
jawwad114 contributions
maxalbrightmeta
maxalbrightmeta97 contributions
mingflifb
mingflifb93 contributions
swiese
swiese50 contributions
dreamolight
dreamolight44 contributions
mingcaozhang
mingcaozhang43 contributions

Languages

View on GitHub →
Kotlin93.6%
Java6.1%
Shell0.3%
AIDL0%

Commit activity

Last 12 weeks · 24 commits

Full graph →

Community health

5 of 6 standards met

Community profile →
87
✓README✓License✓Contributing✓Code of Conduct○Issue Template✓PR Template

Recent PRs & issues

Active · Last activity 1d ago
See all on GitHub →
UditDewan
Fix MD5 checksum encoding dropping leading zeros in HashUtilsOpenPR

Summary hex-encodes MD5 digests with: treats the digest as a number, so it drops leading zeros. Any digest that begins with one or more zero nibbles produces a hex string shorter than the expected 32 characters: Roughly one digest in sixteen starts with a zero nibble, so a meaningful fraction of checksums silently did not equal the canonical MD5 value. The same flaw was present in both and the path. Change Use — already defined in the same package — which formats each byte as exactly two hex digits () and therefore preserves leading zeros. This also removes the now-unused import. Tests Added a regression test in covering a single leading-zero nibble () and many leading-zero nibbles (), both of which failed before this change. Existing non-zero-prefixed cases are unchanged. Note: the SDK test suite needs the Android/Gradle toolchain, which wasn't available in my environment, so the new assertions were verified against the canonical values by inspection. CI should exercise them.

UditDewan · 1d ago
UditDewan
Fix NonceUtil.isValidNonce to reject all whitespace, not just spacesOpenPR

Summary is meant to reject any nonce that contains whitespace, but the check only matched the literal space character: Despite the local being named , a nonce containing a tab (), newline (), or carriage return () passed validation. That nonce is later fed into the OIDC login flow through 's , where embedded whitespace can break request handling downstream. Change Use so every whitespace character is rejected: Tests Added regression coverage in for tab, newline, and carriage return — each of which previously passed validation and now correctly fails. Existing valid/space/empty cases are unchanged. Note: the SDK's test suite requires the Android SDK/Gradle toolchain, which wasn't available in my local environment, so the new tests were validated by inspection. CI should exercise them. Co-authored-by:Baradhan-Madhu

UditDewan · 2d ago
dbaker-bitwise
OidcSecurityUtil.getRawKeyFromEndPoint results in a blocking HTTP call that can result in a ANROpenIssue

Checklist before submitting a bug report [X] I've updated to the latest released version of the SDK [X] I've searched for existing Github issues [X] I've looked for existing answers on Stack Overflow, the Facebook Developer Community Forum and the Facebook Developers Group [X] I've read the Code of Conduct [X] This issue is not security related and can safely be disclosed publicly on GitHub Java version 8 Android version SDK 31 Android SDK version 13.0.0 Installation platform & version Gradle 7.0.0 Package Core & AppEvents Goals No blocking HTTP calls on the main thread Expected results The application is free of ANRs. Actual results We occasionally see ANRs reported in our error collection service with the following relevant callstacks. It appears that what is happening is that during a login attempt the following happens. On the main thread the OS calls onActivityResult() in facebook-common/src/main/java/com/facebook/login/LoginFragment.kt This eventually results in the NativeLoginMethodHandler creating an AuthenticationToken via one of the LoginMethodHandler's static factory methods The AuthenticationToken constructor tries to verify the signature of the header used to create the token in a require() function. The isSignatureValid() check calls into OidcSecurityUtil.getRawKeyFromEndpoint() The OidcSecurityUtil.getRawKeyFromEndpoint() function looks like this: This results in a blocking wait on the main thread until the HTTP request can be completed. It seems that this sometimes takes more than 5 seconds to complete and results in the reported ANR. Steps to reproduce _No response_ Code samples & details _No response_

dbaker-bitwise · 1w ago

Recent fixes

View closed PRs →
DRPrincess
Facebook Login - Obtain null Authentication tokenClosedIssue

Checklist before submitting a bug report [X] I've updated to the latest released version of the SDK [X] I've searched for existing Github issues [X] I've looked for existing answers on Stack Overflow, the Facebook Developer Community Forum and the Facebook Developers Group [X] I've read the Code of Conduct [X] This issue is not security related and can safely be disclosed publicly on GitHub Java version java 11.0.12 Android version Andriod 11 Android SDK version 8.2.0 Installation platform & version implementation 'com.facebook.android:facebook-android-sdk:latest.release' Package Login Goals have an jwt format token Expected results have an jwt format token Actual results authenticationToken is empty Steps to reproduce _No response_ Code samples & details

DRPrincess · 3h ago
ddovod
`com.android.installreferrer` is called in the main thread which leads to ANRClosedIssue

Checklist before submitting a bug report [X] I've updated to the latest released version of the SDK [X] I've searched for existing Github issues [X] I've looked for existing answers on Stack Overflow, the Facebook Developer Community Forum and the Facebook Developers Group [X] I've read the Code of Conduct [X] This issue is not security related and can safely be disclosed publicly on GitHub Java version 8 Android version api 23+ Android SDK version 12.1 Installation platform & version Gradle Package Other / I don't know Goals According to our investigations can block the callers thread for a long time which in case of main thread leads to ANR. We call from the background thread, it is safer and works just fine. Looks like fb sdk calls it from the main thread and we have a bunch of ANR reports that shows this case. Please consider moving to the background thread. Thanks Expected results is used in the background thread, no ANRs Actual results is used in the main thread, ANRs Steps to reproduce _No response_ Code samples & details Edit: added a stacktrace

ddovod · 5d ago
lUjek-Sh
Feature Request: android.useAndroidX=falseClosedIssue

Checklist before submitting a feature request [X] I've updated to the latest released version of the SDK [X] I've searched for existing Github issues [X] I've read the Code of Conduct Goals Please update the library because there is a build error Expected results android.useAndroidX=false Code samples & details

lUjek-Sh · 1w ago
Structured data for AI agents

Repository: facebook/facebook-android-sdk. Description: Used to integrate Android apps with Facebook Platform. Stars: 6439, Forks: 3690. Primary language: Kotlin. Languages: Kotlin (93.6%), Java (6.1%), Shell (0.3%), AIDL (0%). Homepage: https://developers.facebook.com/docs/android Latest release: sdk-version-18.3.0 (1w ago). Open PRs: 3, open issues: 84. Last activity: 1d ago. Community health: 87%. Top contributors: jingping2015, KylinChang, jawwad, maxalbrightmeta, mingflifb, swiese, dreamolight, mingcaozhang, kongxinzhu, jjiang10 and others.

·@ofershap

Replace github.com with gitshow.dev