Plain Vanilla, the developers behind QuizUp, has fixed the server-side issues that caused data to be transmitted unprotected from the QuizUp servers. An update to the iPhone app should fix issues there. It appears that at least some of the major problems, including sensitive user data being transmitted unnecessarily, have been fixed.
The developer says that data is never sent to their servers as plain text and is encrypted with SSL, and that the encryption was weakened in some instances by a bug. While this is true, it was also not the problem. The issue was that the data was unhashed, meaning that while the SSL encryption kept out malicious third parties, the contents of the SSL traffic were readable by the sender and receiver. Since the data being sent is sensitive information about other users, this is a problem. If someone were to sniff the traffic to the app on their phone, they could see things like their opponent's Facebook tokens, which could make it possible to post as them. Thankfully, it seems like Facebook tokens are no longer transmitted between users.
Plain Vanilla also says that in reviewing QuizUp's security features, they discovered and fixed some minor errors. First, they claim that address book data was never stored on their servers, and was only used temporarily to help find friends. But address book content was sent to the servers unhashed, which will require an update to the QuizUp app to fix. Second, they say that a server error inadvertently sent a player's data to another player if they had modified the app to decrypt information. However, the app need not have been modified, as all a user needed to do to find this data was sniff the traffic coming to their phone. It does appear that Plain Vanilla has fixed this issue as well, as the data that gets transmitted no longer includes the user's gender, email address, or birthday, among other things.
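The fix described above amounts to the server sending each player only what their client needs, since anything inside the SSL session is visible to the recipient. The following is an added example, not Plain Vanilla's code: it builds an opponent payload from an allowlist and audits a decoded response for sensitive keys. All field names and the sample record are assumptions constructed for illustration.

```python
import json

# Assumed field names; the article names Facebook tokens, email, gender, birthday.
SENSITIVE_KEYS = {"email", "gender", "birthday", "facebook_token"}
# Allowlist: the only fields an opponent's client needs to render a match.
OPPONENT_FIELDS = ("user_id", "display_name", "avatar_url", "level")


def opponent_view(record):
    """Build the opponent payload from an allowlist, never by deleting fields."""
    return {k: record[k] for k in OPPONENT_FIELDS if k in record}


def find_sensitive(payload, path="$"):
    """Return JSON paths of sensitive keys anywhere in a decoded payload."""
    hits = []
    if isinstance(payload, dict):
        for key, value in payload.items():
            here = f"{path}.{key}"
            if key.lower() in SENSITIVE_KEYS:
                hits.append(here)
            hits.extend(find_sensitive(value, here))
    elif isinstance(payload, list):
        for i, item in enumerate(payload):
            hits.extend(find_sensitive(item, f"{path}[{i}]"))
    return hits


# Constructed sample record, not real QuizUp data.
STORED_USER = {
    "user_id": 1042,
    "display_name": "quizfan",
    "avatar_url": "https://example.invalid/a/1042.png",
    "level": 17,
    "email": "quizfan@example.invalid",
    "gender": "f",
    "birthday": "1990-01-01",
    "facebook_token": "CONSTRUCTED-TOKEN",
}

# A leaky match response embeds the whole stored record of the other player.
LEAKY_RESPONSE = {"match_id": 7, "players": [{"opponent": STORED_USER}]}
# The minimised response keeps the shape but builds the opponent from the allowlist.
SAFE_RESPONSE = {"match_id": 7, "players": [{"opponent": opponent_view(STORED_USER)}]}

if __name__ == "__main__":
    print("leaky:", find_sensitive(LEAKY_RESPONSE))
    print("safe: ", find_sensitive(SAFE_RESPONSE))
    print(json.dumps(SAFE_RESPONSE, indent=2))
```

Running `find_sensitive` over recorded API responses in a test suite catches a regression where a new endpoint serialises the full user record again.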
The updated version of the QuizUp app is currently awaiting approval in the App Store and it's good to see Plain Vanilla taking these steps to improve security in their app.
Are you happy with the fixes being made to QuizUp? Will you keep playing? Let us know in the comments.
Special thanks to Nick Arnott