Digital Web Review

Beware! A Location Sharing App Has Exposed the Data of 1.7 Million Users

| By DWR Editor

While Google has been protecting Android users with several security methods, some apps are found on the Play Store that is harmful for the users. Android users are downloading and installing such apps without knowing that they are being hijacked.

The recent research by the German agency named Fraunhofer Institute for Secure Information Technology has reported that the Location Sharing App is taking the information of the people or it is being hacked without their consent. These applications are accessible on play store and can be download directly. In any case, one ought to be careful with so many applications as some of them are not so much secure.

Researchers realized that with a simple type of HTTP request method, hackers can access unencrypted data without any authentication of the user. So, hackers were able to theft over 1.7 million passwords from the app named “Couple Vow” that allows couples to share location with each other and pull out user images, which included nude photos.

According to the Fraunhofer Institute for Secure Information Technology’s report, the hacked data includes Passwords, Nude Photos, Call Logs, Activities, Messages, Locations of the users of “Couple Vow” app.

As reported by Forbes, the research found that tracking apps made for families and couples to monitor their loved ones can easily be intercepted and allow hackers to spy on the phone user.

“In many cases, the problem was not the app itself,” wrote the Fraunhofer Institute’s head of secure software Siegfried Rasthofer in an email to CNET. “The problem was the back-end (server), which basically does not protect the data from unauthorized access,” they added.

The report identified that the developers of the app didn’t reply on this leak. The report also stated that the other apps also had weaknesses that would enable hackers entry to users accounts by bypassing the login or unsecured interaction. Furthermore, Google also didn’t immediately respond to a request for comment.

Source – BGR India