University of New Haven researchers have uncovered a pretty sizable number of calling and messaging apps that have data-leakage problems on Android. These problems include storing images and videos in unencrypted form on the web, as well as chat logs and passwords being stored and sent in plain text on the device. TextPlus even stores screenshots on the device that the user does not take.
These issues could affect 968 million people who use these apps. The problems include:
- Tango and MessageMe left videos on a server, also unencrypted. TextMe and Nimbuzz stored passwords in plaintext on the device.
- Calling and messaging apps that sent text, images, location maps, music and video unencrypted over the network consist of ooVoo, Tango, Kik, Nimbuzz, MessageMe, TextMe, HeyWire, Hike and TextPlus. (Not all of them sent all forms unencrypted.)
- Several apps also stored chat logs unencrypted on the device. That includes TextPlus, Nimbuzz, TextMe, Kik, ooVoo, HeyWire, Hike, MyChat, WeChat, GroupMe, Whisper, LINE, and Voxer
It’s important to note that we’re just listing the messaging apps above. Other apps are also included in the problems and the full list of apps can be seen at the link above.
For these apps, according to Ibrahim Baggili, director of the university’s Cyber Forensics Research and Education Group and editor in chief of the Journal of Digital Forensics, Security, and Law, “Security is an afterthought.”
We’ll update this article if any new information surfaces.
Have you always felt safe sending and receiving messages using apps on Android? Let us know in the comments below.