“Rawdogs user data”, personal information

A dating application, this week only, is found about a new advertisement that can be worn, that it contains user data exposed to the public. The data was loved and personal, including its approximate sites.

The application, raw, says it is so Recruited to promote “True and non -pelvic love” through its unique user interface, which resembles Perial (Uses the front and back cameras for your phone), but for dating. RAW has been announced recently A strange new piece of devicesAnd he called Raw ringWhat is alleged to allow users to track their lovers’ location to ensure that there is no fraud (there is no way that can lead to problematic scenarios, right?). Unfortunately, Raw seems to promote something else in a “unpleasant” way: user data.

Techcrunch Reports that Due to the lack of basic digital security protection, RAW was leaving personal information for users by mistake for public inspection. Indeed, before this week, anyone with a web browser could have access to the detailed application user information, including his birth date, display names, sexual preferences, and specific site data “on the street level”.

Techcrunch says she has discovered security palaces during a brief test of the company’s application. RAW was downloaded on the virtual Android device, then TC employees used a network monitoring tool to monitor data that is transferred to and from the application. The analysis showed that personal data was not protected by any kind of authentication barrier. TC says it has discovered the problem in the first “few minutes” of using the app. TC also notes that although RAW claims to protect users through a comprehensive encryption, he found no evidence of the presence of E2e. They dismantle the security vulnerability, such as:

When we downloaded the application for the first time, we found that it pulled the user profile information directly from the company’s servers, but the server did not protect the data that was returned with any authentication. In practice, this means that anyone can access private information for any other user using a web browser to visit the exposed server web address – api.raw.app/users/ Followed by a unique number of 11 number that corresponds to another application user. Change the numbers to comply with the identifier of any other user consisting of 11 number by returning the special information from the profile of this user, including its website data. This type of security vulnerability is known as the indirectly safe object reference, or EDOR, a type of error that can allow someone to access or modify data on another person’s server due to the lack of appropriate safety checks on the user to access data.

Gizmodo has reached Raw for more information. According to the data made by Techcrunch, security problems were corrected from Wednesday. “All of the previously exposed end points were secured, and we have implemented additional guarantees to prevent similar problems in the future,” Marina Anderson, co -founder of the Raw Dating application, told The Outlet.

It is not uncommon for companies to be badly secured by user data. Strange as it may seem, security is not a particularly huge priority in the software industry. It can take a long and expensive time and other parts of production and many companies may slow down Simply not care about him. With the dating application, however – it is clear that the business that is devoted to dealing with the most intimate data (literally) and sensitive data – it is clear that they pay to spend more time locking things. As they say: Wrap it before clicking on it.