University of New Haven researchers have uncovered a host of data-leakage problems in Instagram, Vine, Nimbuzz, OoVoo, Voxer and several other Android apps.
University of New Haven researchers have uncovered a host of data-leakage problems in Instagram, Vine, Nimbuzz, OoVoo, Voxer and several other Android apps.The problems include storing images and videos in unencrypted form on Web sites, storing chat logs in plaintext on the device, sending passwords in plaintext, and in the case of TextPlus, storing screenshots of app usage the user didn't take.People may assume that sending messages, pictures and location maps to friends using the same app is private, but it's not.Some of the problems are similar to privacy problems in the Viber text-messaging app that the group detailed earlier this year. There, the service stored image files unencrypted on a publicly available Web server. That's exactly what's happening now with Facebook's Instagram, OoVoo, Grindr, HeyWire and TextPlus, the researchers found. Here are the other problems identified:
With private messaging features, naturally, your expectation for privacy is heightened. The data often isn't actually protected. In the current climate of government snooping and identity theft, that could be a problem financially or personally.The researchers found the unencrypted data by monitoring the devices' network traffic, seeing words they'd type into the apps appear in plaintext over the network, and by examining files captured with in-device backup software. The organization hasn't analyzed apps running on iOS, Apple's mobile operating system.In a statement, Grindr said only, "We monitor and review all reports of security issues regularly. As such, we continue to evaluate and make ongoing changes as necessary to protect our users."(Image Source: iCLIPART)
