Plain Vanilla, the developers behind QuizUp, has fixed the server side issues that caused data to be transmitted unprotected from the QuizUp servers. An update to the iPhone app should fix issues there. It appears that at least some of the major problems, including sensitive user data being transmitted unnecessarily, have been fixed.
The developer says that data is never sent to their servers as plain text, and is encrypted with SSL, and that the encyrption was weakend in some instances by a bug. While this is true, it was also not the problem. The issue was that the data was unhashed, meaning that while the SSL encryption kept out malicious third parties, the contents of the SSL traffic were readable by the sender and receiver. Since the data being sent is sensitive information about other users, this is a problem. If someone was to sniff the traffic to the app on their phone, they could see things like their opponent's Facebook tokens, which could make it possible to post as them. Thankfully, it seems like Facebook tokens are no longer transmitted between users.
Plain Vanilla also says that in reviewing QuizUp's security features, they discovered and fixed some minor errors. First, they claim that address book data was never stored on their servers, and was only used temporarily to help find friends. But address book content was sent to the servers unhashed, which will require an update to the QuizUp app to fix. Second, they say that a server error inadvertently sent a player's data to another player if they had modified the app to decrypt information. However, the app need not have been modified, as all a user needed to do to find this data was sniff the traffic coming to their phone. It does appear that Plain Vanilla has fixed this issue as well, as the data that gets transmitted no longer includes the user's gender, email address, or birthday, among other things.
The updated version of the QuizUp app is currently awaiting approval in the App Store and it's good to see Plain Vanilla taking these steps to improve security in their app.
Are you happy with the fixes being made to QuizUp? Will you keep playing? Let us know in the comments.
Special thanks to Nick Arnott
Introducing iPhone 13 VR
As far as concepts go, this is one of the best you'll see for a while.
Someone paid $2700 for an iPhone 11 Pro with a wonky Apple logo
People like rare things but would you spend $2700 on an iPhone with a misaligned icon?
ACNH: Today is the Fishing Tourney
C.J. is a beaver who shows up periodically in Animal Crossing: New Horizons. He'll randomly make visits to your island, but he'll also host various fishing competitions throughout the year where you can earn a ton of Bells and sweet Fish Swag.
Protect your new iPhone SE (2020) screen with a great screen protector
Keep your iPhone SE screen pristine from day one. Here are some of the best screen protectors you can buy.