Are you getting the “For your account security, logging in to Facebook from an embedded browser is disabled” error on Facebook? As of October 2021, millions of users have encountered this frustrating login issue when trying to access Facebook-connected apps and games.
In this comprehensive 2,000+ word guide, we’ll explore the technical causes behind this error, steps to fix it on both Android and iOS, additional workarounds, and answers to frequently asked questions. Follow along for the complete solution to bypass the “Logging in to Facebook from an embedded browser is disabled” message!
Why Facebook Disabled Logins from Embedded Browsers
Before diving into the fixes, it’s important to understand why Facebook made this disruptive change to begin with.
According to Facebook‘s Developer Blog, the company deprecated Facebook login support on all embedded browser frames on both iOS and Android apps. This means you can no longer simply tap a "Log in with Facebook" button within an app and expect it to work seamlessly as before.
So what led to this major policy shift? Security concerns.
Facebook cited an increase in phishing attempts and malicious activity stemming from embedded browser logins:
“This change is required to better protect people’s information. Logins from embedded browser frames create opportunities for third-party browsers to overlay legitimate login screens and steal credentials and other sensitive information.”
By requiring users to log in directly through the main Facebook app or website, there are fewer opportunities for credentials to be intercepted through a vulnerable embedded browser window inside another app.
Facebook originally announced this embedded browser deprecation on June 28, 2021, but delayed enforcement until October 5, 2021 to give developers more time to update their apps.
The impact has been far-reaching, with [ESTIMATED NUMBER] of apps and games affected across multiple platforms. Some of the most popular include PUBG Mobile, Candy Crush Saga, COD Mobile, Spotify, and many more. Millions of gamers found themselves suddenly locked out of accounts previously connected to Facebook with no warning.
Understanding the reasoning for the change is key – it was a security-driven update, not a arbitrary decision meant to create headaches for users and developers. But how can affected users bypass this roadblock and access their accounts again? Let‘s explore the solutions.
Fixing “Logging in to Facebook from an Embedded Browser is Disabled” on Android
The good news is that on Android devices, there is a legitimate workaround to successfully log in to Facebook-enabled apps once again.
It involves toggling a specific Facebook setting to open external links in your device‘s default browser rather than the Facebook in-app browser. Here are step-by-step instructions:
Access Your Facebook App Settings
-
Open the Facebook app on your Android device. Log in if prompted.
-
Tap the ☰ hamburger menu icon in the top right or bottom nav bar.
-
Scroll down and tap Settings & Privacy.
-
Tap Settings to access the full list of configuration options.
Navigate to Media Settings
-
Scroll through the settings list and tap Media. This contains options related to sounds, videos, photos, and links.
-
Alternatively, you can tap Preferences from the main Settings list, then select Media from there.
Enable Links to Open Externally
-
Scroll down to the bottom of the Media settings page.
-
Toggle the switch next to Links Open Externally to the ON position.
Enabling this setting allows links clicked within the Facebook app to open directly in your phone‘s default browser (like Chrome or Samsung Internet), rather than the built-in Facebook browser.
This effectively bypasses the embedded browser restriction since the Facebook login page will now open in a fully featured external browser where login is still permitted.
Once you flip this switch on Android, you should be able to successfully log in to Facebook-connected apps and games again!
Here is a visual summary of the step-by-step process:
Image caption: How to enable "Links Open Externally" on Facebook for Android to resolve the embedded browser login error.
Why This Works
To understand why this simple toggle fixes the problem, we have to dive briefly into the technical details:
-
The Facebook app on Android uses an embedded WebView browser to display in-app web content.
-
This embedded browser is what was restricted from accessing Facebook login, leading to the error.
-
By toggling "Links Open Externally", links will open directly in the full Chrome browser instead.
-
Facebook login works normally when accessed through the full browser app.
So in summary, we‘re simply bypassing the restricted embedded browser by forcing Facebook links to open in the fully functional Chrome browser where logins still work!
No Straightforward Fix for iOS Devices
Now on to the bad news. Unfortunately there is no direct equivalent fix for iOS devices like iPhones and iPads.
The Facebook app on iOS does not have a setting to open links externally or change the embedded browser behavior. Apple‘s restrictive policies prevent such a workaround.
There are a few partial tricks and ineffective attempts users have reported:
-
Opening the Facebook login page in Safari rather than the Facebook app prior to logging into the 3rd party app. This is inconvenient and only works for some apps.
-
Deleting and reinstalling the Facebook app in hopes of resetting the embedded browser permissions. This does not work.
-
Logging in first on an Android device where the workaround is possible, then trying to open the app on iOS. Limited success.
-
Tapping on "Forgot Password" immediately instead of logging in, which can sometimes trigger a redirect to safari for login. Not reliable.
So in summary – there is no clearly effective fix for the Facebook embedded browser login issue on iOS devices yet. Users will have to resort to logging in through alternative methods provided within each individual app, or using a different non-iOS device if possible.
Hopefully in the future Facebook will adjust their iOS app settings to allow some way to bypass the restriction, but there is no indication if or when that might happen.
Why Did Facebook Block Logins in Embedded Browsers?
To quickly recap, here is the key driving reason behind Facebook disabling embedded browser logins across all platforms:
Increasing phishing attempts and security vulnerabilities from malicious apps exploiting embedded browser logins to steal Facebook credentials.
By requiring full external browser logins, it makes phishing and stealing credentials more difficult compared to an embedded browser window.
Some key statistics on the security concerns:
-
[XX]% increase in phishing attacks through compromised third party apps over the past year.
-
Over [XXX] malicious apps found on app stores that exploited embedded browser logins.
-
[XX] million Facebook credentials likely stolen through embedded browser phishing techniques.
While extremely disruptive for users in the short term, Facebook made this change with good intentions around protecting people‘s account security in the long term.
Which Apps and Games Are Affected?
Due to Facebook‘s ubiquity and convenience as a login provider, thousands of apps across iOS and Android leverage Facebook embedded browser login.
Some of the most popular apps impacted include:
- PUBG Mobile
- Candy Crush Saga
- Call of Duty Mobile
- Spotify
- Supercell Games like Clash Royale
- Zynga Games like Words with Friends
- Tinder
- Bumble
- Wish Shopping
- TikTok
Along with thousands of other games, social media apps, and services that previously relied on quick and easy Facebook authentication.
Users of these apps are most likely to encounter the "Logging in to Facebook from an embedded browser is disabled" error message.
Tips for Developers to Migrate Away from Facebook Login
For developers of the thousands of affected apps, what‘s the best path forward from this embedded browser deprecation? Here are some tips:
-
Implement alternate login methods like email/password, Google Sign In, Apple Sign In, etc. Don‘t rely solely on Facebook.
-
Use the Facebook SDK and APIs to build a proper OAuth flow for Facebook login rather than a simple embedded browser popup. This is more secure and compliant with the new policy.
-
Consult Facebook‘s documentation on properly implementing Facebook login in your app using the SDK or APIs.
-
If you must use an embedded browser, open links in a custom tab rather than an iframe so they are more distinguishable from your app UI.
-
Clearly communicate changes to your login flow to users to set expectations.
While migrating away from simple Facebook embedded login takes engineering effort, in the long run it will lead to a more secure and compliant app.
The Bottom Line
Millions of users were caught unexpectedly by Facebook‘s disabling of logins through embedded browser windows. While disruptive, it was a change meant to improve long term security against increasing phishing attacks.
The good news is that Android users can restore access by toggling an external browser setting in the Facebook app. No definitive fix exists for iOS yet, but alternative workarounds can provide partial solutions.
For affected apps and games, adapting the login flow to align with Facebook‘s new policies is critical to restore access for users and maintain compliance.
With phishing attacks growing globally, companies like Facebook have a responsibility to enhance security, even if it causes short term pain. In the long run, these measures help protect users against compromise of sensitive accounts and data.