Data Leaks In Social Media Apps Like Instagram, Grindr And Oovoo Found By Researchers
Researchers from the University of New Haven found out that some of the social media apps like Instagram, Grindr, Oovoo, Vine, Nimbuzz, Voxer and some of Android apps are leaking unencrypted data. The group noted that the social media apps are transmitting and storing unencrypted images, conversations, screenshots that were not taken by the users and even passwords in plain text.
Ibrahim Baggili, director of the university's Cyber Forensics Research and Education Group and the editor in chief of the Journal of Digital Forensics, Security and Law stated that "Security is an afterthought". According to the research, messages, pictures, locations that users send to friends using the same apps is actually not private.
The mentioned social media apps and some of Android apps were also reported to store unencrypted images, conversations, screenshots that were not taken by the users and even passwords in plaintext. The same issue was found in the Viber text messaging app that the research group was also able to report earlier this year. It is also happening on Facebook's Instagram, Oovoo, Grindr, HeyWire and TextPlus, according to CNET. The group mentioned that Tango and Message Me left unencrypted videos on the server. TextMe and NimBuzz are reportedly to store plaintext passwords on the device. The research group estimates a total of 968 million of people that are using the apps. The private messaging features are expected to be good of course, but it does not seem to go well. CNET believes that this might cause problems to the users especially nowadays that the government is being accused to be snooping and this could make it easier for identity thieves to steal and use private data that are available over the internet.
Although, the research group is able to find out this issue, it has not analysed the apps that run on iOS yet. CNET adds that the researchers are finalising the details of its findings and will be posting new videos in five days on the university's Cyber Forensics Research and Education Group's YouTube channel starting on Monday. According to the report, CNET contacted the companies that were involved and so far, Grindr is reported to state that it regularly monitor and review all reports for security issues.
This should cause an alarm and there should be actions taken because users trust that the data should be kept private yet the mentioned app did not deliver.