Date: 2011-06-11

According to the App Watchdog on viaForensics, your data is not as safe as you might think.
Popular apps like Twitter and LinkedIn have security flaws that could be exploited, exposing your personal data.
Consider Square, the mobile app that lets users accept credit card payments: part of the credit card numbers used with the app is readily available to whoever wants them.
What follows is a breakdown of other surprisingly big-name apps and the problems with each one, both for Android and iPhone.
Android:
- Retained user name
- Retained list of action history
- Retained list of all file names, dates and times
iPhone:
- Retained user name
- Retained list of action history
- Retained documents and downloads
Android:
- Retained eBay and PayPal user names
- Retained last four digits of bank account and credit card number
- Retained last transaction amount and address
iPhone:
- Retained user name
- Retained recent search history
Android:
- Username and password stored insecurely
- Comments and search history stored insecurely
- Geo-locations stored insecurely
iPhone:
- Username stored insecurely
- Comments and search history stored insecurely
- Geo-locations stored insecurely
Android:
- User and recipient e-mail addresses insecurely stored
- E-mail content insecurely stored
Android and iPhone:
- Username stored insecurely
- Entire conversation logs stored insecurely
Android:
- Retained user name
- Retained all friends, including their profile info and email
- Retained notifications sent, status updates and profile pictures
iPhone:
- Retained user name
- Retained user and friend profile data
- Retained status updates, check-ins, and posts to other profiles
- Retained data from viewed walls and profiles
Android:
- Retained user name and password
- Retained first & last name, home address and email
- Retained last 4 digits of credit card number
- Retained list of groupons purchased
iPhone:
- Retained user name
- Retained email and address
- Retained last 4 digits of credit card number and expiration date
- Retained all purchases
Android:
- Username and password stored insecurely
- Full contact list and messages stored insecurely
iPhone:
- Username stored insecurely
- Full contact list and messages stored insecurely
Android:
- Retained user name
- If PIN is set to protect data, it is stored unencrypted
- Retained account info, transactions, balances and alerts
iPhone:
- Retained user name
- Retained account names, balances, and transactions
- Retained alerts for payments, due dates, budget info, deposit amounts
- Retained income and expense info
Android:
- Username and password stored insecurely
- Account holder name stored insecurely
- Queue stored insecurely
iPhone:
- Account holder name stored insecurely
- Partial queue stored insecurely
iPhone:
- Retained user name
- Retained history of bump account transfer feature, including date, time, and GPS location coordinates of transaction
- Retained email of both parties involved in transfer
Android and iPhone:
- Username stored insecurely
- Entire conversation and contacts list stored insecurely
Android:
- Username stored insecurely
- Phone number of last sent text receipt stored insecurely
iPhone:
- Username stored insecurely
- Last 4 digits of credit card number stored insecurely
- Transaction amounts stored insecurely
- Customer signature stored insecurely
Android and iPhone:
- Username stored insecurely
- Tweets, direct messages and followers stored insecurely
Android and iPhone:
- Username stored insecurely
- Search history stored insecurely
iPhone:
- Username stored insecurely
- Friend List stored insecurely
- IM logs stored insecurely
