QuizUp accused of lax security that lets other players see your private data | iMore

Popular trivia game QuizUp reportedly has numerous security and privacy issues. The app seems to be sending your information to the devices of other users, including your name, email address, and Facebook ID. This information come to us from a blog post by developer Kyle Richter:

In most circumstances, in a breach of privacy situation a company stores sensitive information in plain text on a server somewhere, someone comes along and figures out how to access that data. However in the case of QuizUp they actually send you other users’ personal information via plain-text(un-hashed); right to your iPhone or iPod touch. This information includes but isn’t limited to: full names, Facebook IDs, email addresses, pictures, genders, birthdays, and even location data for where the user currently is. I have been able to access the personal information of hundreds of people who I have never met, and had no interaction with other than we both used QuizUp. These people likewise had access to my personal information. It is important to keep in mind these were not people who added me as friends inside of the app, these were complete strangers in every sense.

Also of note is how QuizUp handles access to your contacts. The game allows you to invite your friends to the game via text message, which you need to grant QuizUp access to your contacts to allow. Once this is done, QuizUp sends your contact\’s emails, in plain text, to their servers, in violation of federal privacy laws. This is the same thing that got social network Path in trouble last year.

via QuizUp accused of lax security that lets other players see your private data | iMore.


1 thought on “QuizUp accused of lax security that lets other players see your private data | iMore

  1. I think this is extremely dangerous. I know QuizUp is becoming really popular with a lot of my friends and I mentioned this article to some of them and they were very shocked. A lot of the girls I told about this were mostly afraid of people being able to find out where they were at and other people being able to locate them. I do not think that most cared that their names or facebook ID’s were being leaked I think they were more concerned about their location being given out to others. The other information did not seem to be as big of a threat to them.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s