The Wall Street Journal is reporting that some of the most widely used Android applications are putting users’ personal data at risk, based on research conducted by computer security firm viaForensics.
According to the viaForensics report, Foursquare, Netflix, LinkedIn and Square all store various forms of personal information in plain text form on a mobile device, leaving this data vulnerable should a hacker choose to target these servers.
LinkedIn, Netflix and Foursquare share the same fatal flaw: these applications store both your unencrypted username and password information on your Android device. WSJ points out that, since many individuals use these same logins across a multitude of web services, computer criminals who access this information could potentially do much more damage than just on these services. Imagine if your Foursquare login or password is the same for your online banking.
The good news is that all three companies are aware of the issue and are currently hard at work on locking down your valuable personal information. Foursquare pushed out an update yesterday, while Netflix and LinkedIn should have an update shortly.
Though the affected companies are working on a fix, the fact that these security omissions are happening on the larger, corporate-developed applications has me more than a bit worried. If this could happen to these applications, what’s to stop it from affecting the smaller applications where developers don’t necessarily have the know-how to plug these security holes–or money to hire somebody to plug them?
As always, we want to know what you guys think about this. Sound off in the comments below.