Eight popular Android and iOS applications have been found to transmit sensitive user data over unencrypted HTTP connections, leaving users vulnerable to various security risks. Key information, such as device details, geolocation, usernames, and passwords, is exposed during transmission, which makes it accessible to potential attackers. The lack of HTTPS encryption on these apps increases the risk of data interception, allowing malicious actors to steal personal information through attacks like data theft, eavesdropping, and man-in-the-middle attacks.
Among these apps, Klara Weather and Military Dating stand out as especially problematic due to the nature of the data they transmit. Klara Weather sends unencrypted user geolocation data over HTTP, putting users’ privacy at risk by allowing their location to be tracked. Military Dating, on the other hand, transmits unencrypted usernames and passwords, making it easy for hackers to intercept and misuse login credentials. Such unprotected transmissions could lead to unauthorized access to user accounts, identity theft, and other malicious activities that compromise personal privacy and security.
Additionally, the Android apps Sina Finance and CP Plus Intelli Serve display similar vulnerabilities, leaking sensitive device information, such as device ID, SDK version, and IMEI, over unencrypted channels. This information can be exploited to track and profile users, leaving them susceptible to surveillance and other invasions of privacy. CP Plus Intelli Serve further weakens security by transmitting usernames and passwords in plain text, exposing users to potential data theft without any basic protection measures, like HTTPS encryption.
To address these risks, cybersecurity experts, including Symantec, urge app developers to prioritize user safety by enforcing HTTPS for all data transmission, encrypting sensitive information, and conducting regular security audits. They also recommend that users take proactive steps to protect their own data, such as installing trusted security applications, avoiding downloads from unreliable sources, keeping software updated, reviewing app permissions carefully, and backing up important data. These practices are essential for safeguarding user data in the face of ongoing threats posed by unencrypted mobile applications.
Reference:
