Skip to main content

Multiple third-party Snapchat apps are leaking your account data

Multiple third-party Snapchat apps are leaking your account data:


If you’re using a third-party Snapchat app, it’s time to delete it. Change the password to your Snapchat account while you’re at it.

Will Strafach of Sudo Security Group, a company that researches security vulnerabilities in apps, came across numerous third-party Snapchat apps ignoring modern security conventions by sending user data over insecure connections.

The apps tested were on iOS, but that’s not to say that Android apps are immune, just that they weren’t included in the test.

The first offending app was Snapix. When a user enters their Snapchat login details into Snapix, the app transmits this data, in plain text, over a non-secure connection. Worse, it stores this data on its own server as well. There’s no legitimate reason a third-party app would need to store login information on its own server, but that’s not stopping Snapix.

Snapix may have been the most egregious offender, but it was by no means the only third-party Snapchat app with severe vulnerabilities. Two other applications, Quick Upload and SnapBox were also guilty of sending secure data in plaintext over an insecure connection.

Strafach only tested a few apps for these vulnerabilities, so this shouldn’t be interpreted as an exhaustive list. In fact, it’s generally better to avoid third-party applications that extend the functionality of social networks entirely as Snapchat itself warned in this blog post after a 2014 leak that saw thousands of videos and images leaked.

“When you give your login credentials to a third-party application,” Snapchat representatives said, “you’re allowing a developer, and possibly a criminal, to access your account information and send information on your behalf.”

➤ [ via 9 to 5 Mac]

(Via The Next Web » Apps)

Popular posts from this blog

Apple Launches Web Tool to Deregister Phone Numbers from iMessage

Apple today released a new web tool for users to deregister their phone number from iMessage in the event they switched to a non-Apple device. To deregister a phone number from iMessage, users simply enter their phone number in Apple's web tool, receive a free text message containing a code, and submit the code to complete the process. Users who still have their original iPhone can also transfer their SIM card back to the device and go to Settings -> Messages to turn iMessage off. 

Users switching from an iPhone to another device were often unable to receive SMS messages from another iPhone due to their phone number still being linked to iMessage. These specific errors with iMessage have been a well-known issue since 2011, which is when the messaging service debuted with iOS 5. They were also made even more apparent this past May, where a server glitch caused widespread message delivery problems. Apple was even sued over the matter in a California court, although the company cla…

Microsoft acquires iPhone email app Acompli

After accidentally announcing it a little early, Microsoft is officially confirming it has acquired email startup Acompli. The surprise acquisition means Microsoft is picking up a powerful email client for iPhone and Android in another move that further cements CEO Satya Nadella’s focus on cross-platform technologies. The Verge’s Casey Newton called Acompl "the Outlook for iPhone that Microsoft hasn’t yet built," and it seems Microsoft was equally impressed with the powerhouse email app. "We’re excited about what’s possible as we build on the app’s success and bring it together with work currently in progress by the Outlook team," the company said in a statement. "Our goal is to deliver fantastic cross-platform apps that support the variety of email services people use today and help them accomplish more." Recode first reportedthat Microsoft would make its latest acquisition official today; the company is said to be paying over $200 million for Acompli. A…

iOS 10.3.2 now available to download on iPhone and iPad

Nearly a month and a half after iOS 10.3.1 rolled out to the public, Apple has now officially released iOS 10.3.2 on iPhone, iPad and iPod touch. We're still waiting on detailed release notes from Apple, but the update screen reveals that the new version of iOS focuses on bug fixes and security improvements.
Continue reading...
Trending right now:
WannaCry: Everything you need to know about the global ransomware attackTim Cook's refusal to help FBI hack iPhone is validated by 'WannaCry' ransomware attackNetflix is testing a price hike that would be pure evil