This allows an attacker, for example, to see which accounts the victim is currently viewing.
The Android version of Paktor uses the quantumgraph analytics module that transmits a lot of information in unencrypted format, including the user’s name, date of birth and GPS coordinates.
We were interested in what could be intercepted if, for example, the user connects to an unprotected wireless network – to carry out an attack it’s sufficient for a cybercriminal to be on the same network.
Even if the Wi-Fi traffic is encrypted, it can still be intercepted on an access point if it’s controlled by a cybercriminal.
Some apps only allow users with premium (paid) accounts to send messages, while others prevent men from starting a conversation.
These restrictions don’t usually apply on social media, and anyone can write to whomever they like.
In Happn for Android there is an additional search option: among the data about the users being viewed that the server sends to the application, there is the parameter fb_id – a specially generated identification number for the Facebook account. The app uses it to find out how many friends the user has in common on Facebook.
As a result, an attacker can end up with the email addresses not only of those users whose profiles they viewed but also for other users – the app receives a list of users from the server with data that includes email addresses. This problem is found in both the Android and iOS versions of the app.
Some of the apps in our study allow you to attach an Instagram account to your profile. This is done using the authentication token the app receives from Facebook.