More than a billion users of Android chat apps such as Instagram, Oovoo, OKCupid and Grindr could be at risk from eavesdroppers and snoopers after University of New Haven researchers found serious data leakage problems.
Many of the Android apps send text wirelessly unencrypted, and store images on servers for weeks without encryption or authentication.
Researchers are detailing the findings over five days in videos posted on the university's Cyber Forensics Research and Education Group's YouTube channel, starting Monday.
Ibrahim (Abe) Baggili, assistant professor of computer science at UNH’s Tagliatela College of Engineering and head of the cFREG, said, "Anyone who has used or continues to use the tested applications are at risk of confidential breaches involving a variety of data, including their passwords in some instances."
"Although all of the data transmitted through these apps is supposed to go securely from just one person to another, we have found that private communications can be viewed by others because the data is not being encrypted and the original user has no clue."
Baggili said this is especially true when there is a "man-in-the-middle attack."
"It's wrong for a stranger to be able to look at your private information without you even knowing they are doing it," he says. "Depending on the app, user locations, passwords, chat logs, images, video, audio and sketches can be viewed by people invading the user’s privacy."
The researchers found the unencrypted data by monitoring the devices' network traffic, seeing words they'd type into the apps appear in plaintext over the network, and by examining files captured with in device backup software. The organization hasn't analyzed apps running on iOS, Apple's mobile operating system.