The controversial Android app is called Faceniff, a truly clever session hijacking app that allows you to sniff and intercept web session profiles over the Wi-Fi network your phone is connected to. Think of Faceniff as Firesheep, but for Android.
Faceniff Lets You Hack Facebook Accounts With Ease
I had the chance to install the app and see things in action on my phone. Below is a quick rundown on how I made Faceniff work and browsed through my friend's Facebook accounts without them knowing:
Step 1 Download and install Faceniff HERE.
Step 2 Once installed, launch it. You should be prompted for Superuser permission. Just hit "Allow" or "Yes" (depending on your phone).
Step 3 A couple of instructions pop up, especially if you are opening the app for the first time. Just follow them carefully until you arrive at the start-up screen.
Step 4 Toggle "START" and optionally enable SSLStrip to start Faceniff. If valid web sessions are found, they will be displayed like this:
Step 5 Click on any of those "hijacked" accounts. Android should then prompt you with a list of browsers currently installed on your device. In my case, I used Opera Mobile as I wasn't able to make it work with the default browser, Skyfire or even Opera Mini. Just make sure to set "Mobile" as Opera Mobile's User Agent, configurable in the Settings > Advanced menu.
If you constantly connect to public wireless networks, like those in cafes or malls, recognize that your online communication can be sniffed at any time by almost anyone. Wireless networks are notably vulnerable to packet sniffing because the data is exchanged over the air. This vulnerability gives bad guys the opportunity to steal information exchanged over the air.
So, how to stay safe online?
Whenever possible, don't connect to an already congested public Wi-Fi network. Instead, use the 3G/4G services offered by your ISP. Virtual Private Network (VPN) applications would also help.
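On the site operator's side, the exposure described above comes down to session cookies that can travel over plain HTTP and connections that can be downgraded by SSL stripping. The following is an added example, not part of the original post: a small Python audit that flags those two conditions in a response's headers. The header blocks, cookie name and function names are constructed for illustration.

```python
# Added example: audit response headers for exposure to Wi-Fi session sniffing.
# The header blocks and cookie names below are constructed samples.

def parse_headers(raw):
    """Return a list of (lowercased name, value) pairs from a raw header block."""
    pairs = []
    for line in raw.strip().splitlines()[1:]:      # skip the status line
        if ":" in line:
            name, value = line.split(":", 1)
            pairs.append((name.strip().lower(), value.strip()))
    return pairs

def audit_response(scheme, raw):
    """List reasons this response leaves a session open to capture on shared Wi-Fi."""
    findings = []
    headers = parse_headers(raw)
    if scheme == "http":
        findings.append("page served over plain HTTP")
    elif not any(n == "strict-transport-security" for n, _ in headers):
        findings.append("no Strict-Transport-Security header (SSL stripping downgrade possible)")
    for name, value in headers:
        if name != "set-cookie":
            continue
        parts = [p.strip() for p in value.split(";")]
        cookie_name = parts[0].split("=", 1)[0]
        attrs = {p.split("=", 1)[0].lower() for p in parts[1:]}
        if "secure" not in attrs:
            findings.append(f"cookie '{cookie_name}' lacks Secure, so it is also sent over HTTP")
    return findings

# Constructed sample: HTTPS response whose session cookie can leak over HTTP.
WEAK = """HTTP/1.1 200 OK
Content-Type: text/html
Set-Cookie: session_id=abc123; Path=/; HttpOnly
"""

# Constructed sample: same response with HSTS and a Secure cookie.
HARDENED = """HTTP/1.1 200 OK
Content-Type: text/html
Strict-Transport-Security: max-age=31536000; includeSubDomains
Set-Cookie: session_id=abc123; Path=/; HttpOnly; Secure
"""

if __name__ == "__main__":
    for label, raw in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit_response("https", raw) or "no findings")
```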