Your Favorite Apps May Be Leaking Your Data

By now, word of hacking events and data breaches has spread to most consumers. In fact, the abundance of news reports surrounding data breaches has actually led to a new problem, data breach fatigue, which is the sluggish response some victims may have to news of yet another breach. But what about personal privacy flaws that aren’t the work of hackers or scammers, but are purely accidental?

When the hottest app to hit the streets launched with the game Pokemon Go, the online world went a little crazy trying to “catch ‘em all.” Game players took to the app by the millions, and social media feeds were flooded with screenshots of users’ latest Pokemon captures. It was only after the initial hysteria died down that security experts were able to get their dire warnings noticed: Pokemon Go was a seriously flawed app that allowed the developer to access the players’ photo streams, contacts lists, and even their email accounts, depending on how they logged in.

The developers of the game have adamantly stated that they have no interest in accessing users’ data and that the security hole was purely accidental, but that didn’t change a crucial fact: millions of players happily handed over access to their mobile devices’ sensitive accounts without a second thought for their security.

Another security hole in a different app, pregnancy and fertility tracker Glow, was announced this week after a team of investigators at Consumer Reports discovered the potential for stealing users’ data. Glow lets expectant and would-be parents use the app after gathering a lot of personal information, like names, birth dates, and email addresses. From there, users also input highly sensitive personal health information, like their sexual histories and any previous abortions or miscarriages.

Consumer Reports’ investigators used very basic free software to uncover flaws that gave them access to the users’ information. Due to the fact that Glow also has a member forum where users can post and participate in discussions, the team was able to glean even more information on members. Unfortunately, Glow’s model lets users invite each other to the app and to their accounts, which was another method through which they were able to gain access to members’ accounts.

The developers of the Glow app have now closed the security holes and thanked Consumer Reports for their independent investigation, but that is exactly the kind of personal data issue that too many consumers overlook when they download an app, grant permissions to a new tool to access their accounts, or input their private information into their accounts. Before you enter details like your address, your full name, or your birthdate—let alone any specific health information—you must ask yourself why this app could possibly need it. Check with the company and ask them how they plan to use it, and how they plan to keep others from accessing it. If you don’t get solid answers about your data security, then don’t share it.

Anyone can be a victim of identity theft, anyone can use our services, and anyone can help us help others. If you found this information useful, please consider donating to the Identity Theft Resource Center to help us keep our services free to the public.

 

ITRC Sponsors and Supporters 

 

 

 

 

Go to top

 

The TMI Weekly

Breaches here, identity theft there and invasions of privacy everywhere... Should you be worried and, if so, how can you protect yourself? Sign up now to receive The TMI Weekly and get the latest hot topics in identity theft, data breaches and privacy and helpful information on how to protect your information.