Over the weekend, Android Police received a tip about a serious privacy hole in Facebook Pages Manager for Android that made some privately uploaded photos public. Shortly after I made the details of the issue public, Facebook Security got in touch and let us know that its engineers were looking into the report and trying to get a fix up soon.

At 4:19pm PT today, I received a follow-up email from Facebook Security that confirmed a fix had been rolled out server-side, and no app update was necessary. The issue was introduced about a week prior, and the company promised to conduct a thorough internal review to investigate how it could have happened and how it could prevent similar issues in the future.

Additionally, in response to my inquiry regarding removal of all photos that were set public in error, Facebook Security said the engineering team is currently combing through everything and is planning to take them all down once they're positively and definitively identified.

I have verified that the fix is indeed working, so we can now consider this case closed.

For completeness, here is the relevant part of Facebook's response in full: