Last updated: February 24, 2023, 8:15 AM IST
5 million downloads is a large sample size for concern
The app helps people share private conversations, but all data is stored in an insecure manner.
The popular Android voice chat app with over 5 million downloads has leaked data including users’ conversations. The OyeTalk app uses Google’s Firebase mobile app development platform, but according to a report, all data stored on the platform was vulnerable without any password protection.
According to the details of researchers of Cyber news, the content of the exposed users includes the IMEI number, their in-app usernames, and all unencrypted chats. But one should agree that exposing the IMEI number puts millions of people at greater risk as the bad actors can use the details to track down the devices and who owns them.
The report states that the leaked database is about 500 MB in size, suggesting that the attackers have already accessed the data or even removed it from the available set, which also puts millions and their private chats at risk.
The folks at Cybernews have also noticed that most of the sensitive user data is hard-coded into the app along with the API keys, which is never a good move and leaves people open to potential intrusion and data breaches. The researchers argue that the fact that they are so readily available shows the shoddy work that the developers of the app have done.
But that’s not the only worrying thing. The Cybernews team contacted the developers of the voice chat app and they have not heard back from the company. In the end, it was Google’s security measures that were used to close the loophole and ensure that the database was safe.
We come across such security agencies regularly, but such app security flaws that allowed data like IMEI numbers to leak is a major concern. Having over 5 million users means that the app is popular, but if you are one of them, we recommend that you uninstall the app and reset the passwords of important accounts right away.
Read all the latest technical news here