Here's a little tip for app developers: encrypt everything, especially passwords. Security firm viaForensics fed some popular iPhone and Android apps through its appWatchdog tool and found that Netflix, LinkedIn, and Foursquare all stored account passwords unencrypted. Since the results were first published on the 6th, Foursquare has updated its app to obscure users' passwords, but other data (such as search history) is still vulnerable. While those three were the worst offenders, other apps also earned a big fat "fail," such as the iOS edition of Square which stores signatures, transaction amounts, and the last four digits of credit card numbers unencrypted. Most of this data would take some effort to steal, but it's not impossible for a bunch of ne'er-do-wells to create a piece malware that can harvest it. Let's just hope Netflix and LinkedIn patch this hole quickly -- last thing we need is someone discovering our secret obsession with Meg Ryan movies.Netflix, Foursquare, and LinkedIn Android apps expose your password originally appeared on Engadget on Thu, 09 Jun 2011 19:38:00 EDT. Please see our terms for use of feeds.
Permalink Wall Street Journal | viaForensics | Email this | Comments
Similar Newsgab Articles:
- Netflix.com's new look is focused on streaming, cribs UI elements from connected TV apps
- Hands-on with Netflix for Android (video)
- Shocker! Free Android apps outnumber free iPhone apps
- PlayOn app for Android 2.2 and above means Netflix, Hulu for all
- Microsoft demoes Twitter and Netflix apps for Windows Phone 7, releases final dev too