Will Strafach’s verify.ly service has detected some 76 apps that are currently vulnerable to data interception.
Though only 76 of the millions of apps were listed, these few have a total of 18 million downloads. This means that there are 18 million users out there who are open to data interception.
It is known how this is possible, since these apps are all fully compliant with the terms and regulations of the App Store and App Transport Security. According to Strafach, the iOS App Transport Security feature cannot block these vulnerabilities present in the apps. Though its purpose was to improve the privacy and security of users, it seems that this issue has slipped past it.
The vulnerable apps were categorized into three levels: low, medium, and high risk. The developers behind the apps were notified ahead of time to avoid conflict. There are said to be 33 low risk apps, 24 medium risk apps and 19 high risk apps. Some of them are not yet named, but those that belong to the low risk level were given.
Low risk apps are those whose vulnerable data is limited to analytics data about the device, email address, and login credentials, while those under the medium risk level carry the possibility of interception of service login credentials and/or session authentication tokens for logged-in users. The high risk level apps, however, are confirmed to allow interception of even the financial or medical service login credentials and/or authentication tokens of the users. Regardless of the risk, it is better to stay safe and protect one’s data from being stolen or used by attackers.
Here is a list of the low risk apps:
- ooVoo – Free Video Call, Text and Voice
- VivaVideo – Free Video Editor & Photo Movie Maker
- Snap Upload for Snapchat – Send Photos & Videos
- Uconnect Access
- Volify – Free Online Music Streamer & MP3 Player
- Uploader Free for Snapchat – Quick Upload Snap from Camera
- Epic! Unlimited Books for Kids
- Mico – Chat, Meet New People
- Safe Up for Snapchat – Quick Upload photos and videos from your camera roll
- Tencent Cloud
- Uploader for Snapchat – Quick Upload Pics & Videos to Snapchat
- Huawei HiLing (Mobile WiFi)
- VICE News
- Trading 212 Forex & Stocks
- 途牛旅游-订机票酒店火车票汽车票特价旅行
- CashApp — Cash Rewards App
- [Clone of legitimate service] (Removed from App Store as of 7 Feb 2017)
- 1000 Friends for Snapchat — Get More Friends & Followers for Snapchat
- YeeCall Messenger-Free Video Call&Conference Call
- InstaRepost — Repost Videos & Photos for Instagram Free Whiz App
- Loops Live
- Private Browser — Anonymous VPN Proxy Browser
- Cheetah Browser
- AMAN BANK
- FirstBank PR Mobile Banking
- vpn free — OvpnSpider for vpngate
- Gift Saga — Free Gift Card & Cash Rewards
- Vpn One Click Professional
- Music tube — free imusic playlists from Youtube
- AutoLotto: Powerball, MegaMillions Lottery Tickets
- Foscam IP Camera Viewer by OWLR for Foscam IP Cams
- Code Scanner by ScanLife: QR and Barcode Reader
The apps for the medium and high risk levels are to be updated 60-90 days after the issue was revealed. The names of the applications had to be kept confidential due to the sensitivity of the issue, though it is still being worked on. For now, security measures are being taken in order to avoid vulnerable apps and data interception among users.
Source: Will Strafach