The app in question apparently made it clear that it was accessing users' contact information.
The social network has awarded researcher Mohamed Ramadan $3,000 for uncovering the vulnerability.
Ninety-one percent of respondents said they don't know if their company even plans to implement a BYOD policy.
The flaw could provide an attacker with access to all physical memory on a device.
Your likelihood of infection varies widely depending on your location -- it's just 0.40 percent in the U.S., but 34.7 percent in Russia.
Most mobile browsers fail to display SSL or TLS indicators.
Among the findings in recent security research: More than one in six mobile apps contain high-risk code that can compromise user security, and 44 percent of adults aren't aware security solutions for mobile devices exist.