QuizUp taken to task over Facebook privacy concerns

Plain Vanilla’s smartphone game QuizUp has found itself in the middle of a security storm.

TouchArcade reports on findings from games developer Kyle Richter who took a close look at exactly how the game was handling the Facebook data it asks for access to when it first loads up.

It was discovered that not only does the game freely send an unencrypted copy of a user’s personal details back and fourth between servers, but it also mines the same data for a user’s entire contact list.

Through my research into the way the app functioned it became apparent that they weren’t just exposing private information but were actively breaking numerous rules, policies, security best practices, and actively deceiving their users,” Richter found.

In the case of QuizUp they actually send you other users’ personal information via plain-text (un-hashed); right to your iPhone or iPod touch. This information includes but isn’t limited to: full names, Facebook IDs, email addresses, pictures, genders, birthdays, and even location data for where the user currently is.

I have been able to access the personal information of hundreds of people who I have never met, and had no interaction with other than we both used QuizUp. These people likewise had access to my personal information. It is important to keep in mind these were not people who added me as friends inside of the app, these were complete strangers in every sense.”

Plain Vanilla has since said that an update ‘fixing’ the issue is currently in submission with Apple, adding that the information in question was never stored on their servers.

However, as we’re talking about a design issue here as opposed to a bug, how much comfort that will bring is a matter of debate.

About MCV Staff

Check Also

PEGI 20: Ian Rice on 20 years of PEGI ratings and why they remain relevant in an an increasingly digital marketplace

In the midst of celebrating 20 years of the PEGI ratings system at WASD x IGN, Ian Rice, director general of the Games Rating Authority, took some time out to answer our questions