Sunday, September 15, 2024
Homecyber securityResearch Unveils Eight Android And iOS That Leaks Users Sensitive Data

Research Unveils Eight Android And iOS That Leaks Users Sensitive Data

Published on

The eight Android and iOS apps fail to adequately protect user data, which transmits sensitive information, such as device details, geolocation, and credentials, over the HTTP protocol instead of HTTPS. 

It exposes the data to potential attacks like data theft, eavesdropping, and man-in-the-middle attacks.

Encryption is a fundamental security measure for protecting user data, but many app developers seem to be implementing it incorrectly. 

- Advertisement - EHA

Klara Weather and Military Dating apps pose significant security risks due to their unencrypted data transmission, where Klara Weather leaks user geolocation data over HTTP, exposing sensitive privacy information. 

Are You From SOC/DFIR Teams? - Try Advanced Malware and Phishing Analysis With ANY.RUN -14-day free trial

Meanwhile, the Military Dating app sends unencrypted usernames and passwords, making them vulnerable to interception and compromise. This could potentially lead to unauthorized access to personal data, identity theft, or other malicious activities.

Military dating network traffic
Military dating network traffic

The Android apps Sina Finance and CP Plus Intelli Serve pose significant security risks by leaking sensitive device information, including device ID, SDK version, and IMEI, over unencrypted HTTP connections. This exposes users to potential tracking and profiling. 

CP Plus Intelli Serve transmits usernames and passwords in plain text, making them vulnerable to interception and theft.

Both apps fail to implement basic security measures, such as HTTPS encryption, to protect user data, exposing users to privacy and security breaches.

CP Plus Intelli Serve code evidence of HTTP URL usage
CP Plus Intelli Serve code evidence of HTTP URL usage

Latvijas Pasts and HaloVPN, popular mobile apps with over 100,000 and 13,300 downloads, pose significant security risks due to their unencrypted transmission of sensitive user data.

Network traffic analysis and code inspection revealed that Latvijas Pasts leaks user geolocation over HTTP. At the same time, HaloVPN exposes device information, including device ID, language, model, name, time zone, and SIM details. 

HaloVPN network traffic
HaloVPN network traffic

The mobile applications i-Boating: Marine Charts & GPS and Texas Storm Chasers are found to be transmitting sensitive user data over unencrypted HTTP connections. 

Specifically, i-Boating sends device information like type and OS version. At the same time, Texas Storm Chasers transmits user geolocation, which exposes users to potential security risks, such as eavesdropping and data interception, as malicious actors can easily access their personal information. 

Texas Storm Chasers network traffic

The ongoing issue of unencrypted data transmission in mobile apps poses significant security risks to users.

Developers are urged to prioritize app security by using HTTPS for all network traffic, encrypting sensitive data, conducting regular security audits, and being vigilant about user data protection.

Symantec advises users to safeguard their mobile devices against threats by installing a reputable security app, avoiding app downloads from untrusted sources, maintaining up-to-date software, carefully reviewing app permissions, and regularly backing up crucial data.

Protect Your Business with Cynet Managed All-in-One Cybersecurity Platform – Try Free Trial

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Kali Linux 2024.3 Released With New Hacking Tools

Kali Linux 2024.3, the most recent iteration of Offensive Security's highly regarded Debian-based distribution...

Hacker Tricks ChatGPT to Get Details for Making Homemade Bombs

A hacker known as Amadon has reportedly managed to bypass the safety protocols of...

Citrix Workspace App Vulnerable to Privilege Escalation Attacks

Citrix released a security bulletin (CTX691485) detailing two critical vulnerabilities in the Citrix Workspace...

Beware Of Weaponized Excel Document That Delivers Fileless Remcos RAT

A recent advanced malware campaign leverages a phishing attack to deliver a seemingly benign...

Free Webinar

Decoding Compliance | What CISOs Need to Know

Non-compliance can result in substantial financial penalties, with average fines reaching up to $4.5 million for GDPR breaches alone.

Join us for an insightful panel discussion with Chandan Pani, CISO - LTIMindtree and Ashish Tandon, Founder & CEO – Indusface, as we explore the multifaceted role of compliance in securing modern enterprises.

Discussion points

The Role of Compliance
The Alphabet Soup of Compliance
Compliance
SaaS and Compliance
Indusface's Approach to Compliance

More like this

Kali Linux 2024.3 Released With New Hacking Tools

Kali Linux 2024.3, the most recent iteration of Offensive Security's highly regarded Debian-based distribution...

Hacker Tricks ChatGPT to Get Details for Making Homemade Bombs

A hacker known as Amadon has reportedly managed to bypass the safety protocols of...

Citrix Workspace App Vulnerable to Privilege Escalation Attacks

Citrix released a security bulletin (CTX691485) detailing two critical vulnerabilities in the Citrix Workspace...