This location-sharing app exposed 1.7 million passwords -- and some nudes
A study of 18 tracking apps found easily exploited security vulnerabilities.
A study of popular location-sharing apps on Google Play showed major security vulnerabilities.
Apps that allow you to share your location and activity can leave your data and personal information exposed, according to a recent finding by the Fraunhofer Institute for Secure Information Technology, which is based in Darmstadt, Germany.
As reported by Forbes, the study found that tracking apps made for families and couples to monitor their loved ones can easily be intercepted and allow hackers to spy on the phone user.
"In many cases, the problem was not the app itself," wrote the Fraunhofer Institute's head of secure software Siegfried Rasthofer in an email to CNET. "The problem was the back-end (server), which basically does not protect the data from unauthorized access."
The report, entitled All Your Family Secrets Belong To Us: Worrisome Security Issues In Tracker Apps, took a look at 18 Android tracking apps that have been downloaded by millions of Google Play users. One of these is the Korean app Couple Vow, which allows couples to share their location, their call history and their text messages.
Researchers found that with a simple type of HTTP request method, hackers can read unencrypted data without any authentication. They were able to lift 1.7 million passwords from Couple Vow alone and pull out user images, which included a nude photo.
Tracking apps have also come under scrutiny for being exploited by abusers in domestic abuse cases, wherein the apps are installed on a phone surreptitiously by the phone owner's partner.
Google didn't immediately respond to a request for comment.
Editors' Note: Updated on Aug. 14, 2018 with a comment from the Fraunhofer Institute.
