University of New Haven researchers have uncovered a host of data-leakage problems in Instagram, Vine, Nimbuzz, OoVoo, Voxer and several other Android apps.
The problems include storing images and videos in unencrypted form on Web sites, storing chat logs in plaintext on the device, sending passwords in plaintext, and in the case of TextPlus, storing screenshots of app usage the user didn’t take.
People may assume that sending messages, pictures and location maps to friends using the same app is private, but it’s not.
Some of the problems are similar to privacy problems in the Viber text-messaging app that the group detailed earlier this year. There, the service stored image files unencrypted on a publicly available Web server. That’s exactly what’s happening now with Facebook’s Instagram, OoVoo, Grindr, HeyWire and TextPlus, the researchers found. Here are the other problems identified:
- Tango and MessageMe left videos on a server, also unencrypted. TextMe and Nimbuzz stored passwords in plaintext on the device.
- Apps that sent text, images, location maps, music and video unencrypted over the network were Instagram, OKCupid, OoVoo, Tango, Kik, Nimbuzz, MeetMe, MessageMe, TextMe, Grindr, HeyWire, Hike and TextPlus. (Not all of them sent all forms unencrypted.)
- Several apps also stored chat logs unencrypted on the device. That includes Twitter’s Vine, TextPlus, Nimbuzz, TextMe, MeetMe, SayHi, Kik, OoVoo, HeyWire, Hike, MyChat, WeChat, GroupMe, Whisper, Line, Voxer and Zynga’s Words with Friends.
- All in all, the researchers estimate that 968 million people in total use the apps.
Private messaging features naturally raise a user’s expectation of privacy, yet the data often isn’t actually protected. In the current climate of government snooping and identity theft, that could be a problem financially or personally.
The researchers found the unencrypted data in two ways: by monitoring the devices’ network traffic and watching for words they had typed into the apps to appear in plaintext, and by examining files captured with in-device backup software. The organization hasn’t analyzed apps running on iOS, Apple’s mobile operating system.
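The file-examination half of that method can be sketched as a canary search. This is an added example, not the researchers' tooling: the function names, file names and canary strings are all constructed for illustration. It plants known strings in a sample backup directory and then reports every file where they survive in readable form.

```python
import os
import sqlite3
import tempfile

def find_canaries(root, canaries):
    """Return sorted (relative_path, canary, encoding) hits under root."""
    hits = set()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                data = fh.read()
            for canary in canaries:
                # Check the two text encodings most common in Android app storage.
                for enc in ("utf-8", "utf-16-le"):
                    if canary.encode(enc) in data:
                        hits.add((os.path.relpath(path, root), canary, enc))
    return sorted(hits)

def build_sample_backup(root):
    """Constructed sample: a plaintext chat DB, a prefs file, an opaque blob."""
    db = sqlite3.connect(os.path.join(root, "chat.db"))
    db.execute("CREATE TABLE messages (sender TEXT, body TEXT)")
    db.execute("INSERT INTO messages VALUES (?, ?)",
               ("me", "meet at zebra-canary-4471"))
    db.commit()
    db.close()
    with open(os.path.join(root, "prefs.xml"), "w", encoding="utf-8") as fh:
        fh.write('<map><string name="password">hunter2-canary-9902</string></map>')
    with open(os.path.join(root, "cache.bin"), "wb") as fh:
        fh.write(bytes(range(256)) * 4)  # stands in for data with no readable text

def demo():
    # Canaries are unique strings the tester typed into the app beforehand.
    canaries = ["zebra-canary-4471", "hunter2-canary-9902"]
    with tempfile.TemporaryDirectory() as root:
        build_sample_backup(root)
        return find_canaries(root, canaries)

if __name__ == "__main__":
    for rel, canary, enc in demo():
        print(f"{rel}: found {canary!r} as {enc}")
```

A hit means the typed value is stored without encryption; the absence of a hit does not prove encryption, since the data may simply be compressed or encoded differently.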
In a statement, Grindr said only, “We monitor and review all reports of security issues regularly. As such, we continue to evaluate and make ongoing changes as necessary to protect our users.”