Plain Vanilla, the developers behind QuizUp, has fixed the server side issues that caused data to be transmitted unprotected from the QuizUp servers. An update to the iPhone app should fix issues there. It appears that at least some of the major problems, including sensitive user data being transmitted unnecessarily, have been fixed.
The developer says that data is never sent to their servers as plain text, and is encrypted with SSL, and that the encyrption was weakend in some instances by a bug. While this is true, it was also not the problem. The issue was that the data was unhashed, meaning that while the SSL encryption kept out malicious third parties, the contents of the SSL traffic were readable by the sender and receiver. Since the data being sent is sensitive information about other users, this is a problem. If someone was to sniff the traffic to the app on their phone, they could see things like their opponent's Facebook tokens, which could make it possible to post as them. Thankfully, it seems like Facebook tokens are no longer transmitted between users.
Plain Vanilla also says that in reviewing QuizUp's security features, they discovered and fixed some minor errors. First, they claim that address book data was never stored on their servers, and was only used temporarily to help find friends. But address book content was sent to the servers unhashed, which will require an update to the QuizUp app to fix. Second, they say that a server error inadvertently sent a player's data to another player if they had modified the app to decrypt information. However, the app need not have been modified, as all a user needed to do to find this data was sniff the traffic coming to their phone. It does appear that Plain Vanilla has fixed this issue as well, as the data that gets transmitted no longer includes the user's gender, email address, or birthday, among other things.
The updated version of the QuizUp app is currently awaiting approval in the App Store and it's good to see Plain Vanilla taking these steps to improve security in their app.
Are you happy with the fixes being made to QuizUp? Will you keep playing? Let us know in the comments.
Special thanks to Nick Arnott
We may earn a commission for purchases using our links. Learn more.
It's coming! The new Mac Pro now has FCC approval
The new Mac Pro is finally, really, absolutely, definitely coming after it appeared on the FCC registry. There's no going back now!
Apple CEO Tim Cook's pressing the flesh in Japan
Apple CEO Tim Cook is in Japan, and he's taking to Twitter to share his time there as me meets developers and Apple Store teams.
Is 64GB in an iPhone enough? I think so, and I'll tell you why
Apple has been accused of scrimping on storage by continuing to sell a 64GB version of its flagship iPhones. But 64GB is plenty for me, and here's why I think it might be plenty for you, too.
Webcam hacking is real, but you can protect yourself with a privacy cover
Here are the best webcam privacy covers available for your MacBook that’ll give you some serious peace of mind.
