As such, the researchers were able to get authorization tokens for social media from almost all of the apps in question. The credentials were encrypted, but the decryption key was easily extractable from the app itself.
We informed the developers in advance about all the vulnerabilities detected, and by the time this text was released some had already been fixed, and others were slated for correction in the near future.
It turned out that most apps (five out of nine) are vulnerable to MITM attacks because they do not verify the authenticity of certificates.
And almost all of the apps authorize through Facebook, so the lack of certificate verification can lead to the theft of the temporary authorization key in the form of a token.
As our researchers found out, one of the most insecure apps in this respect is Mamba.
The analytics module used in the Android version does not encrypt data about the device (model, serial number, etc.), and the iOS version connects to the server over HTTP and transfers all data unencrypted (and thus unprotected), messages included.