QuizUp accused of lax security that lets other players see your private data

Popular trivia game QuizUp reportedly has numerous security and privacy issues. The app seems to be sending your information to the devices of other users, including your name, email address, and Facebook ID. This information come to us from a blog post by developer Kyle Richter:

In most circumstances, in a breach of privacy situation a company stores sensitive information in plain text on a server somewhere, someone comes along and figures out how to access that data. However in the case of QuizUp they actually send you other users’ personal information via plain-text(un-hashed); right to your iPhone or iPod touch. This information includes but isn’t limited to: full names, Facebook IDs, email addresses, pictures, genders, birthdays, and even location data for where the user currently is. I have been able to access the personal information of hundreds of people who I have never met, and had no interaction with other than we both used QuizUp. These people likewise had access to my personal information. It is important to keep in mind these were not people who added me as friends inside of the app, these were complete strangers in every sense.

Also of note is how QuizUp handles access to your contacts. The game allows you to invite your friends to the game via text message, which you need to grant QuizUp access to your contacts to allow. Once this is done, QuizUp sends your contact's emails, in plain text, to their servers, in violation of federal privacy laws. This is the same thing that got social network Path in trouble last year.

Never mind for the moment that QuizUp breaks App Store rules. How is the security of your customers and their information not a top priority? How can you treat it so casually? That any developer might be so lax about security, particularly in a time when people are increasingly worried about their online privacy, is inexcusable.

For the full rundown on this issue, read Kyle's post. The extent of what he found is truly troubling.

Do you play QuizUp? Are you surprised by this information? Sound off in the comments below.

Source: Kyle Richter

Joseph Keller is the former Editor in Chief of iMore. An Apple user for almost 20 years, he spends his time learning the ins and outs of iOS and macOS, always finding ways of getting the most out of his iPhone, iPad, Apple Watch, and Mac.

12 Comments

Never play it.
Am surprised by this.
It is an interesting twist on modern security - if everybody knows everything, then nothing is secret and no one will need to hack your systems.
:P Sent from the iMore App
Well this is alarming. It sucks b/c I really enjoyed QuizUp. Plain Vanilla should be ashamed of themselves. Was this just a huge oversight? Or was this intended? It looks like it was interned to me. Sent from the iMore App
I wish I never played this game now. It's a pity because the game itself is a really nice game. Sent from the iMore App
Never heard of it. Guess I'm glad now that this is known. Sent from the iMore App
Loved the game but uninstalled it as soon as I saw this article.
I've played it on a friend's phone I might not get it now though. Sent from the iMore App
Appreciate the heads up. Not a good thing. Sent from the iMore App
Uh-oh. Someone is gonna be in a lot of trouble. They should been more vigilant when it comes to the security of their users' information.
Good thing I haven't started playing it. Uninstalling the app right now. Thanks for the info. Sent from the iMore App
That's never good. This gets two thumbs down! Sent from the iMore App
That's a shame. Never downloaded it but it's always crummy to hear about security breaches. The customers lose, the developers lose and no one is happy. Sent from the iMore App
Wow, what an invasion of privacy. Don't think I'll ever install this, even after they update it. Pity, but I wonder what other apps could be the same or worse? Sent from the iMore App
I cannot download quizup in my blackberry 10..can sumbody gimme a reason for it

Show more comments