QuizUp security flaw sends your personal data to other players

BY Kelly Hodgkins

Published 25 Nov 2013

You may want to hold off on playing popular trivia game QuizUp, as the game may be sending your personal information to other players. This security and privacy flaw was detected by developer Kyle Richter and described in a recent blog post.

According to Richter, the QuizUp game sends your personal information to other players via a plain text file. Information in this file includes your full name, Facebook ID, email addresses and more. Richter didn’t divulge the steps he used to uncover this file, but he did confirm that “it took less than 15 minutes and can be done by even a novice tech-savvy computer user.” This is a very unsettling proposition, especially when you consider that this personal information is being to sent to other players who are complete strangers.

Richter writes:

In most circumstances, in a breach of privacy situation a company stores sensitive information in plain text on a server somewhere, someone comes along and figures out how to access that data. However in the case of QuizUp they actually send you other users’ personal information via plain-text(un-hashed); right to your iPhone or iPod touch. This information includes but isn’t limited to: full names, Facebook IDs, email addresses, pictures, genders, birthdays, and even location data for where the user currently is. I have been able to access the personal information of hundreds of people who I have never met, and had no interaction with other than we both used QuizUp. These people likewise had access to my personal information. It is important to keep in mind these were not people who added me as friends inside of the app, these were complete strangers in every sense.

Beyond the sharing of personal information among players, there’s a secondary issue with how QuizUp handles your contacts. QuizUp allegedly accesses your contacts and uploads your address book to their servers in plain text. This violates federal privacy laws and is the same behavior that resulted in an $800,000 fine for social network Path. Thus far, QuizUp has not responded to the allegations by Richter.

[Via iMore]

Want to know more about Apple Products?

We launch new articles subscribe and get updated. MAX 1 email a week. No spam, ever.

How to Easily Remove Objects from Photos on iPhone

Rajesh

How to Use Your iPhone as Mouse for Your Mac

Rajesh

22 Best iPhone Weather Widgets You Can Get in 2022

Rajesh

How to Track Santa on Christmas Eve on Your iPhone or iPad

Chandraveer Mathur

IPAD PRO 2

Oct 30, 2016

11 Must Have Apps for Apple Pencil and iPad Pro Users

Khamosh Pathak

iPad Pro is a beast of a machine. Yes, it runs iOS but don’t let that fool you. iOS has many ways to be productive and for doing creative work. Granted, it’s different

MACOS

Jun 13, 2016

‘Apple File System’ Is the Company’s New File System for watchOS, iOS, tvOS, and macOS

Rajesh Pandey

It has long been rumored that Apple is working on a new file system to replace the archaic HFS+ file system that macOS currently uses. The company was expected to announce a new file system

APPLE NEWS

Mar 16, 2015

‘Apple Global Volunteer Program’ will let employees sign up to help local communities

Evan Selleck

Apple is no stranger to donating large sums of money to a cause, or to even help diversification within the tech industry. But now it's aiming to donate some individual human hours as well,