A location sharing app exposed 1.7 million passwords and some users' nude photos

What was surprising was the fact that Google was not swift in its response when the researchers disclosed their findings.

  • Published: August 15, 2018 12:23 PM IST
Location Globe Map 805px

Mobile apps on your smartphone can range from most useful and secure to social media and games that help you pass your time. There are also quite a few apps that are plain redundant on the Play Store or App Store. Though, regardless of the type, smartphone apps are the backbone of our smartphone existence.

Apps act as the gateway for the data that we consume as well as feed the system, and most users trust what the apps ask them to do. Considering smartphone apps are critical for the complete smartphone experience, one would believe that the developers making these apps would be careful in making these apps.

Watch: Microsoft Surface Book 2

Even though most developers put in efforts to ensure that their apps are secure, and act responsibly by protecting user data while handling them. There are some exceptions where developers try to push malicious apps that want to mine user data, steal user data or even mine bitcoin in the recent past. But, there is a third type of developers who accidentally or out of sheer carelessness end up leaving the user data insecure.

According to Fobes, 18 Android tracking apps were installed as part of the investigation that has already been downloaded by millions of users via the Google Play Store. One of these apps, “Couple Vow” that allows couples to share location with each other exposed about 1.7 million user passwords in plain text format without any encryption.

These exposed passwords would allow anyone to have access to all the location, call, text data in addition to anything sent using the messaging feature of the app. A separate issue with the app database allowed researchers to access all the user data of 1.7 million users including nude images in “some cases”. As pointed out by the report, researchers from Fraunhofer Institute for Secure Information Technology in Germany presented these flaws at hacking convention DEF CON in Las Vegas last week. The presentation was titled “All Your Family Secrets Belong To Us- Worrisome Security Issues In Tracker Apps.”

The report pointed out that the developers of the app did not respond to the request for a comment. The report stated that the rest of the apps also had weaknesses that could allow hackers access to accounts by bypassing the login or unsecured communication. What was surprising was the fact that Google was not swift in its response when the researchers disclosed these issues to the company. Instead, the company was slow in its response removing only “handful of the apps” while leaving “some” up on the Play Store.

  • Published Date: August 15, 2018 12:23 PM IST