Dating App ‘Raw’ Accidentally Rawdogs Users’ Location Data, Personal Info

This week, an introductory application that announces a creepy new wear this week, openly announced users’ information. The information was granulated and personal, including approximents.

Application, raw, so says Dedicated to introducing “True and free love” through a unique user interface Bereal (Uses the front and rear cameras of your phone), but for dating. Raw recently announced A piece of a strange new techniquecalled Raw ringTo allow users to allow users to follow the location of users, which Pirport (there is no way to cause problem scenarios?). Unfortunately, the raw looks like that raw is also promoted with “not filtered” fashion: information of users.

Techcrunch It does not know that Due to the lack of basic digital security protection, raw accidentally released users’ personal information open to public inspection. Indeed, before this week, anyone who has a web browser, the date of birth, screen names, sexual advantages and detailed apps included in a detailed application user information, including street-level spatial data.

TechCrunch says that during a short test of the company’s app reveals security shortcomings. The raw is loaded on a virtualized Android device, and then TC employees used a network monitoring tool to observe the data transmitted to the app and applications. The analysis showed that personal information was not protected by any authentication barrier. TC says the first “a few minutes” problem to use the application. TC also notes that the raw claims to protect users by encryption from the end, E2EE did not find any evidence. Even the safety gap is so breaks:

When installing the application for the first time, we saw the user’s profile information directly from the company’s servers, but the server has not been protected by any authentication. In practice, this can include any user’s personal information to visit the web address of another user who is included in another user’s personal information using a web browser – api.raw.app/users/ Followed a unique 11-digit figure to suit another application user. To adapt to any other user’s 11-digit identifier, the user’s profile, including numbers, returned personal information. Such weakness is known as an error that allows you to access or change data on someone else’s server due to the lack of security vouchers in an invalid direct object or Idor to access the user’s data or anyone else’s server.

Gizmodo came out of raw for more information. According to the statements made to TechCrunch, security issues were patched on Wednesday. “All previously exposed end points have provided additional guarantees to prevent similar issues in the future,” said Marina Anderson, co-familiar use of Raw Dating, said he was a co-founder of the Raw Dating.

It is not uncommon to provide user information for companies. Strange as we can be sounded, security software industry is not particularly a great priority. This time can be expensive and slowed down, so many companies Just don’t worry about that. A job dedicated to the application of a dating, but the most intimate of users (literally) and sensitive information – this clearly pays a little more time to spend the locking items. As they say: Wrap before you hit.