When One Toggle Controls Them All: Active Status Sync Issue in Messenger Lite

Saturday, June 25, 2022 at 11:36 PM

Switching between multiple Facebook Messenger Lite accounts on the same device should be straightforward — each account’s settings, including active status, are expected to be independent. But what if changing the active status on one account unexpectedly changes it for all others?

During testing, I found a surprising privacy issue that affects multiple Messenger Lite users logged into the same device: toggling the active status (online/offline) on one account causes all other logged-in accounts’ active statuses to switch accordingly — without their knowledge or consent.

How It Works

Here’s the scenario:

  • You log into User A on Messenger Lite and set your active status to OFF (invisible).

  • Then, switch to User B on the same device. You’ll notice User B’s active status also turns OFF automatically — and you get notified about User A’s status change.

  • Switching accounts repeatedly applies the same active status setting across all accounts logged in on that device.

This means that your privacy preference for one account unintentionally affects the visibility of your other accounts.

Why This Matters

Active status indicates whether a user is currently available to chat — it’s a key privacy feature letting people control their online presence. This bug:

  • Leaks activity state changes across distinct user accounts on the same device.

  • Breaks the assumption that account settings are independent, potentially confusing contacts and exposing users when they want to appear offline.

  • Raises concerns about account isolation and session management within the app.

Steps to Reproduce

  1. Open Messenger Lite and log in as User A. Turn off active status.

  2. Switch account to User B on the same device.

  3. Notice that User B’s active status is also OFF, mirroring User A’s setting, and that you receive a notification about User A’s status change.

  4. Repeat switching accounts to see the active status toggle across all logged-in accounts.

What Should Happen

Each user’s active status should be managed independently, with no cross-account interference, even if multiple accounts share the same device. Turning off active status on one account must not affect other users’ online visibility.


This unexpected syncing of privacy settings reveals how seemingly simple features can unintentionally impact user control and privacy, especially when multiple accounts are used on shared devices.


Comments

Popular posts from this blog

🚨When an AI Search Engine Forgot Who It Was: A Bug Report That Changed Perplexity AI’s Identity

When Two-Factor Authentication Becomes Too Easy: A Surprising Instagram Security Flaw

Privacy Settings Bypassed: Hidden Likes Still Visible Through Facebook Reels