According to the viaForensics report, Foursquare, Netflix, LinkedIn, and Square all store various forms of personal information in plain text form on a mobile device, leaving these data vulnerable should a hacker choose to target these servers.
LinkedIn, Netflix, and Foursquare all share the same fatal flaw: these applications store both your unencrypted username and password information on your Android device. WSJ points out that since many individuals use these same logins across a multitude of web services, computer criminals who access this information could potentially do much more damage than just on these services. Imagine if your Foursquare login or password is what you use to do online banking.
The good news is that all three companies are aware of the issue, and are currently hard at work on locking down your valuable personal information. Foursquare pushed out an update yesterday, while Netflix and LinkedIn should have an update shortly.
Though the fact that the affected companies are working on a fix, the fact that these security omissions are happening on the larger, corporate-developed applications has me more than a bit worried. If this could happen to these applications, what’s to stop it from affecting the smaller applications where developers don’t necessarily have the know-how to plug these security holes (or money to hire somebody to plug them)?
As always, we want to know what you guys think about all this. Sound off in the comments below.
Share on Facebook
Add This To Del.icio.us
Add to Technorati