Facebook has closed a hole that allowed photos to be downloaded and uploaded over an insecure connection.
The flaw affected the site's Android main mobile and messenger applications and meant user's pictures were sent over the HTTP protocol, in contravention of Facebook's bid to push all traffic via HTTPS.
Images sent over wireless networks could be intercepted by attackers sniffing the traffic. While the impact for users was likely low, users connecting to public networks were most at risk.
Researcher Mohamed Ramadan reported the flaw to Facebook and was paid $2000 for the efforts.
Concerned users should update their apps through the official Google Play Store.
"It is time to update your Facebook apps right now," Ramadan said.