QuizUp accused of lax security that lets other players see your private data

QuizUp's lax security lets other players see your private data

Popular trivia game QuizUp reportedly has numerous security and privacy issues. The app seems to be sending your information to the devices of other users, including your name, email address, and Facebook ID. This information come to us from a blog post by developer Kyle Richter:

In most circumstances, in a breach of privacy situation a company stores sensitive information in plain text on a server somewhere, someone comes along and figures out how to access that data. However in the case of QuizUp they actually send you other users’ personal information via plain-text(un-hashed); right to your iPhone or iPod touch. This information includes but isn’t limited to: full names, Facebook IDs, email addresses, pictures, genders, birthdays, and even location data for where the user currently is. I have been able to access the personal information of hundreds of people who I have never met, and had no interaction with other than we both used QuizUp. These people likewise had access to my personal information. It is important to keep in mind these were not people who added me as friends inside of the app, these were complete strangers in every sense.

Also of note is how QuizUp handles access to your contacts. The game allows you to invite your friends to the game via text message, which you need to grant QuizUp access to your contacts to allow. Once this is done, QuizUp sends your contact's emails, in plain text, to their servers, in violation of federal privacy laws. This is the same thing that got social network Path in trouble last year.

Never mind for the moment that QuizUp breaks App Store rules. How is the security of your customers and their information not a top priority? How can you treat it so casually? That any developer might be so lax about security, particularly in a time when people are increasingly worried about their online privacy, is inexcusable.

For the full rundown on this issue, read Kyle's post. The extent of what he found is truly troubling.

Do you play QuizUp? Are you surprised by this information? Sound off in the comments below.

Source: Kyle Richter

Joseph Keller

Joseph Keller is a news reporter for iMore. He's also chilling out and having a sandwich.

More Posts

 

5
loading...
38
loading...
45
loading...
0
loading...

← Previously

How to view your Facebook activity log with Facebook for iOS

Next up →

MyPermissions for iPhone helps you stay on top of what apps have access to your accounts

There are 12 comments. Add yours.

Becjr says:

Never play it.
Am surprised by this.
It is an interesting twist on modern security - if everybody knows everything, then nothing is secret and no one will need to hack your systems.
:P

Sent from the iMore App

Dudeguypal says:

Well this is alarming. It sucks b/c I really enjoyed QuizUp. Plain Vanilla should be ashamed of themselves. Was this just a huge oversight? Or was this intended? It looks like it was interned to me.

Sent from the iMore App

Cojrom says:

I wish I never played this game now. It's a pity because the game itself is a really nice game.

Sent from the iMore App

Gsarfin says:

Never heard of it. Guess I'm glad now that this is known.

Sent from the iMore App

TacomaJustin says:

Loved the game but uninstalled it as soon as I saw this article.

sir17reeder says:

I've played it on a friend's phone I might not get it now though.

Sent from the iMore App

abaggy says:

Appreciate the heads up. Not a good thing.

Sent from the iMore App

zdn1042 says:

Uh-oh. Someone is gonna be in a lot of trouble. They should been more vigilant when it comes to the security of their users' information.
Good thing I haven't started playing it. Uninstalling the app right now. Thanks for the info.

Sent from the iMore App

asuperstarr says:

That's never good. This gets two thumbs down!

Sent from the iMore App

acondax says:

That's a shame. Never downloaded it but it's always crummy to hear about security breaches. The customers lose, the developers lose and no one is happy.

Sent from the iMore App

BeyondtheTech says:

Wow, what an invasion of privacy. Don't think I'll ever install this, even after they update it. Pity, but I wonder what other apps could be the same or worse?

Sent from the iMore App

liyajames says:

I cannot download quizup in my blackberry 10..can sumbody gimme a reason for it