Popular apps with 18 million combined downloads in the App Store found vulnerable to silent data interception
After scanning through the binary code of applications in the iOS App Store, Will Strafach’s verify.ly service has detected that 76 popular apps in the store are currently vulnerable to data interception. The interception is possible regardless of whether the apps' developers are using App Transport Security. A few months ago, similar vulnerabilities were discovered in Experian and myFICO Mobile’s iOS apps.
Consumers downloading apps from the App Store have to rely on Apple’s approval process to screen out insecure applications, and even then there isn’t a guarantee that Apple hasn’t missed something crucial. Just last year, hundreds of apps in the App Store were found to be using private APIs to collect private user data, a violation of the App Review Guidelines. The recently launched public beta test of Will Strafach’s Verify.ly service looks to provide a “warning label for apps” to everyday consumers.
Apple introduced its App Transport Security feature in iOS 9 to ensure that all connections between apps and servers are encrypted, but it wasn’t compulsory for developers to use it, and Google even helped them disable it.
All this will end on January 1st next year, reports TechCrunch, when Apple will require all apps to use HTTPS connections to servers to ensure that only encrypted data is transmitted …
Users of third-party Snapchat apps may want to delete them and change their passwords on the social media platform as soon as possible. New discoveries revealed today indicate that multiple third-party Snapchat apps are sending copies of user credentials over non-secure connections to their own servers.