Most likely a coding error
Several Android security researchers who spoke with
Bleeping Computer suspect the popups are appearing because of a coding error.
Avast mobile security researcher
Nikolaos Chrysaidos has taken a look at the Facebook app's source code and believes the offending party is an SDK (software development kit) embedded in the Facebook app.
The package that appears to be triggering the superuser popup is the
WhiteOps SDK, a software development kit for detecting ad fraud and implementing domain white/black-lists.
"Yes, it could be a coding error. Most possible yes," Chrysaidos told
Bleeping Computer in a private conversation today. "The dialog started popping up on users that are in the beta channel."
"Along with other various checks. Facebook is probably integrating WhiteOps SDK, and they forgot to re-implement the ROOT checking functionality," Chrysaidos says.