Facebook for Android vulnerable to simple snooping tricks
Even more troubling is Wallach's finding that the lack of OAuth or another signature method in Facebook for Android means someone could theoretically post to your Facebook account. There's also a possible SQL injection vulnerability that could cause all kinds of trouble.
To protect yourself from potential exploits, you can sign in to the secure version of Facebook's site -- https://www.facebook.com -- and get a third-party encryption app that will let you use the secure site by default. Hopefully Facebook will quickly address these issues and release an updated, more secure version of the Android app.