Dating App ‘Raw’ Accidentally Rawdogs Users’ Location Data, Personal Info

A dating application, this week only, is found about a new advertisement that can be worn, that it contains user data exposed to the public. The data was loved and personal, including its approximate sites.

The application says, RAW, it is intended for promotion “real and uncomfortable” through its unique user interface, which resembles Perial (uses the front and rear cameras of your phone), but for dating. RAW recently announced a new part of the devices, called Raw Ring, which aims to allow users to track their fans site to ensure that there is no fraud (there is no way that can lead to problematic scenarios, right?). Unfortunately, Raw seems to promote something else in a “unpleasant” way: user data.

Techcrunch notes that due to the lack of protection for basic digital security, Raw was leaving incorrect personal information to users about public inspection. Indeed, before this week, anyone with a web browser could have access to the detailed application user information, including his birth date, display names, sexual preferences, and specific site data “on the street level”.

Techcrunch says she has discovered security palaces during a brief test of the company’s application. RAW was downloaded on the virtual Android device, then TC employees used a network monitoring tool to monitor data that is transferred to and from the application. The analysis showed that personal data was not protected by any kind of authentication barrier. TC says it has discovered the problem in the first “few minutes” of using the app. TC also notes that although RAW claims to protect users through a comprehensive encryption, he found no evidence of the presence of E2e. They dismantle the security vulnerability, such as:

When we downloaded the application for the first time, we found that it pulled the user profile information directly from the company’s servers, but the server did not protect the data that was returned with any authentication. In practice, this means that anyone can access private information for any other user using a web browser to visit the exposed server web address – api.raw.app/users/ Followed by a unique number of 11 number that corresponds to another application user. Change the numbers to comply with the identifier of any other user consisting of 11 number by returning the special information from the profile of this user, including its website data. This type of security vulnerability is known as the indirectly safe object reference, or EDOR, a type of error that can allow someone to access or modify data on another person’s server due to the lack of appropriate safety checks on the user to access data.

Gizmodo has reached Raw for more information. According to the data made by Techcrunch, security problems were corrected from Wednesday. “All of the previously exposed end points were secured, and we have implemented additional guarantees to prevent similar problems in the future,” Marina Anderson, co -founder of the Raw Dating application, told The Outlet.

It is not uncommon for companies to be badly secured by user data. Strange as it may seem, security is not a particularly huge priority in the software industry. It can be a consumer of time and costly, and other parts of production may slow down, so many companies simply do not care about them. With the dating application, however – it is clear that the business that is devoted to dealing with the most intimate data (literally) and sensitive data – it is clear that they pay to spend more time locking things. As they say: Wrap it before clicking on it.