Plain Vanilla, the developers behind QuizUp, has fixed the server side issues that caused data to be transmitted unprotected from the QuizUp servers. An update to the iPhone app should fix issues there. It appears that at least some of the major problems, including sensitive user data being transmitted unnecessarily, have been fixed.
The developer says that data is never sent to their servers as plain text, and is encrypted with SSL, and that the encyrption was weakend in some instances by a bug. While this is true, it was also not the problem. The issue was that the data was unhashed, meaning that while the SSL encryption kept out malicious third parties, the contents of the SSL traffic were readable by the sender and receiver. Since the data being sent is sensitive information about other users, this is a problem. If someone was to sniff the traffic to the app on their phone, they could see things like their opponent's Facebook tokens, which could make it possible to post as them. Thankfully, it seems like Facebook tokens are no longer transmitted between users.
Plain Vanilla also says that in reviewing QuizUp's security features, they discovered and fixed some minor errors. First, they claim that address book data was never stored on their servers, and was only used temporarily to help find friends. But address book content was sent to the servers unhashed, which will require an update to the QuizUp app to fix. Second, they say that a server error inadvertently sent a player's data to another player if they had modified the app to decrypt information. However, the app need not have been modified, as all a user needed to do to find this data was sniff the traffic coming to their phone. It does appear that Plain Vanilla has fixed this issue as well, as the data that gets transmitted no longer includes the user's gender, email address, or birthday, among other things.
The updated version of the QuizUp app is currently awaiting approval in the App Store and it's good to see Plain Vanilla taking these steps to improve security in their app.
Are you happy with the fixes being made to QuizUp? Will you keep playing? Let us know in the comments.
Special thanks to Nick Arnott
Apple launches redesigned online store with dedicated Store tab
After temporarily taking down the Apple online store, the company launched a redesigned store with its own dedicated Store tab.
Google is coming for the iPhone 13 with the Pixel 6 and Pixel 6 Pro
Google teased the Pixel 6 and the Pixel 6 Pro today and it finally appears that the company is getting into the flagship phone space.
Apple TV+ nabs eight Imagen Award nominations across five Apple Originals
Apple TV+ is in the running for as many as eight different Imagen Awards across five different Apple Originals, with Ghostwriter, Little Voice, and Ted Lasso among the nominees.
Webcam hacking is real, but you can protect yourself with a privacy cover
Worried people might be looking in through your webcam on your MacBook? No worries! Here are some great privacy covers that will protect your privacy.