Lax security policy of several apps puts users' data at risk

Data integrity and security are among the most important things for a company. Users trust companies with their private information and believe that their data will be protected. This is exactly what companies pledge to do when they ask for users' information, but sometimes the smallest of flaws within a system can prove to be the chink in the armor that lets unauthorized personnel in.

According to reports, a few apps on the app store have drawn attention for failing to provide their users with proper security measures; their users' data could have been at risk had someone looking to misuse it found the flaw.

A few flaws were found in these apps which might have leaked users' personal information to attackers. Mikail Tunç, a cyber security researcher working in collaboration with Cybernews, found that many mobile apps have flaws in their identification verification services. More importantly, they failed to follow the guidelines that Onfido presented to them.

Specifically, they left the API token exposed at the front end instead of keeping it somewhere safe at the back end. Keeping the API token at the front end means it can be accessed and cracked easily by attackers. If Tunç hadn't found this flaw, god knows how many people's data might have been compromised.
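A release-time check for the mistake described above, as an added example that is not code from Cybernews, the researcher or any of the apps: it scans the files that ship inside an app bundle for long-lived API tokens before the build is published. The `api_live.`/`api_sandbox.` prefix rule, the file names and every token value are assumptions constructed for illustration.

```python
import math
import re

# Assumed rules (not from the article): a vendor-style prefixed token, and a
# token-like name assigned a long quoted string.
PREFIXED = re.compile(rb"\bapi_(?:live|sandbox)\.[A-Za-z0-9_\-]{16,}")
ASSIGNED = re.compile(
    rb"(?i)(?:api[_-]?(?:token|key)|secret)\w*\"?\s*[:=]\s*[\"']([A-Za-z0-9_\-.]{20,})[\"']"
)

def shannon_entropy(data: bytes) -> float:
    """Bits per byte; placeholders such as 'xxxx...' score near zero."""
    counts = {b: data.count(b) for b in set(data)}
    return -sum(c / len(data) * math.log2(c / len(data)) for c in counts.values())

def redact(token: bytes) -> str:
    # Never echo a full secret into CI logs.
    return token[:8].decode() + "..."

def find_embedded_tokens(files, min_entropy=3.5):
    """files maps bundle path -> file bytes; returns (path, rule, redacted)."""
    findings = []
    for path, blob in sorted(files.items()):
        for m in PREFIXED.finditer(blob):
            findings.append((path, "prefixed-token", redact(m.group(0))))
        for m in ASSIGNED.finditer(blob):
            value = m.group(1)
            if PREFIXED.match(value):
                continue  # already reported by the prefix rule
            if shannon_entropy(value) >= min_entropy:
                findings.append((path, "assigned-secret", redact(value)))
    return findings

# Constructed sample bundle: two shipped secrets and one harmless placeholder.
SAMPLE_BUNDLE = {
    "assets/index.android.bundle":
        b'const cfg={apiToken:"api_live.CONSTRUCTED0example0token0"};',
    "config/env.js": b"export const IDV_SECRET = 'q7Hn2LxV9bTz4KpW8mYc3RfD6sJ';",
    "assets/config.json": b'{"api_key": "xxxxxxxxxxxxxxxxxxxxxxxx"}',
}

if __name__ == "__main__":
    for path, rule, shown in find_embedded_tokens(SAMPLE_BUNDLE):
        print(f"FAIL {path}: {rule} {shown}")
```

Any finding should block the release; the token belongs on a back-end service that the app calls, so the bundle never contains it.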

This data contained personal information such as ID cards, passports and even emails, names and addresses, which could have led to identity theft or even worse. The apps contained videos and media which, if leaked, could be used by attackers for identity verification.

The fact that the flaw was reported by Tunç himself indicates that probably no one else knew about it and that the data is safe.

Cybernews revealed that a few apps were found guilty of having flaws within their system; let's have a look at them.

• Fx Pro Direct App 

• Europcar 

• Chips

• Hoolah

• Mode

• Greenwheels

Users who are familiar with these apps and have made accounts on them should be on the lookout for malicious and spam messages, because chances are that their data might have been compromised. We think that, as a precautionary measure, they should at least turn on their firewall, update their devices and scan their system for unidentified threats.


Illustration Via: Freepik / pikisuperstar
