There’s also no way that it’s happening. You can’t key log with JavaScript. There’s something called cross domain policies or xDomainPolicy which prevent certain types of code being run on one website by a different website.
Cross domain policies are enforced by the browser. If you’re using a third party app, guess what you’re using as a browser.
Want an easy example of this? Userscrips on Firefox. Install GreaseMonkey, and you can run whatever the hell you want on any webpage. Keylogging, mouse movements, clicks and navigations. Not hard, and impossible to really stop from the site itself, because no matter what you tell the browser to do, you essentially have to just hope the browser follows through.
There’s also no way that it’s happening. You can’t key log with JavaScript. There’s something called cross domain policies or xDomainPolicy which prevent certain types of code being run on one website by a different website.
Cross domain policies are enforced by the browser. If you’re using a third party app, guess what you’re using as a browser.
Want an easy example of this? Userscrips on Firefox. Install GreaseMonkey, and you can run whatever the hell you want on any webpage. Keylogging, mouse movements, clicks and navigations. Not hard, and impossible to really stop from the site itself, because no matter what you tell the browser to do, you essentially have to just hope the browser follows through.
Somebody else is already pointed out that it’s already been debunked so no it wasn’t happening
I was responding to your claim of “not happening, impossible” with proof of it being possible, and actually fairly easy to implement.
But it’s not another website, it would be the web browser within the Facebook app, which could absolutely do that.
Except this is already being debunked see above