In the current climate of government snooping and identity theft, that could be a problem financially or personally. You’re not tweeting it to everyone around you,” he said, but the data often isn’t actually protected. With private messaging features, naturally, “your expectation for privacy is heightened. That includes Twitter’s Vine, TextPlus, Nimbuzz, TextMe, MeetMe, SayHi, Kik, OoVoo, HeyWire, Hike, M圜hat, WeChat, GroupMe, Whisper, Line, Voxer and Zynga’s Words with Friends.Īll in all, the researchers estimate 968 million people total use the apps.
Several apps also stored chat logs unencrypted on the device. (Not all of them sent all forms unencrypted.) TextMe and Nimbuzz stored passwords in plaintext on the device.Īpps that sent text, images, location maps, music and video unencrypted over the network were Instagram, OKCupid, OoVoo, Tango, Kik, Nimbuzz, MeetMe, MessageMe, TextMe, Grindr, HeyWire, Hike and TextPlus. Tango and MessageMe left videos on a server, also unencrypted. That’s exactly what’s happening now with Facebook’s Instagram, OoVoo, Grindr, HeyWire and TextPlus, the researchers found. There, the service stored image files unencrypted on a publicly available Web server. Some of the problems are similar to privacy problems in the Viber text-messaging app that the group detailed earlier this year. People may assume that sending messages, pictures and location maps to friends using the same app is private, but it’s not, he said. “Security is an afterthought,” said Ibrahim Baggili, director of the university’s Cyber Forensics Research and Education Group and editor in chief of the Journal of Digital Forensics, Security, and Law. Researchers are detailing the findings over five days in videos posted on the university’s Cyber Forensics Research and Education Group’s YouTube channel, starting Monday. The problems include storing images and videos in unencrypted form on Web sites, storing chat logs in plaintext on the device, sending passwords in plaintext, and in the case of TextPlus, storing screenshots of app usage that the user didn’t take.
SAN FRANCISCO – By sniffing out the details of network communications, University of New Haven researchers have uncovered a host of data-leakage problems in Instagram, Vine, Nimbuzz, OoVoo, Voxer and several other Android apps.