ios

Mobile (in)Security Series: Application "MyFitnessPal" Data Leaking

During a security assessment with the Emergency VPN, our researchers found two issues: i) the MyFitnessPal application for iOS was leaking the user's email address in plain text over the network, and ii) advertisements are loaded through insecure connections, leaking more data collected from the mobile device.

Use of Facebook UDP Priming Revealed in Unencrypted UDP Connection to port 33000

Early this year we observed suspicious UDP connections to port 33000 on a mobile device. This traffic contained a Facebook URL that included a Facebook Graph token, and it was sent unencrypted over the network. In this blog post we show details of this traffic, what information is leaked, and who is affected. We have reported this behavior to Facebook, who confirmed this traffic is part of Facebook’s normal behavior.