Mobile Applications We Helped Improve
Since 2018 we have analyzed the network traffic of more than 400 mobile devices. During this time, we found a high number of mobile applications that were sending data without encryption. There are several issues around this: i) these unencrypted requests generally leak user data or data associated with the mobile device putting user’s privacy at risk, and ii) these unencrypted requests can be intercepted in man-in-the-middle attacks and used to compromise the mobile device.
Whenever possible we report the lack of encryption to the application developers so they can make the application more secure. We have a Telegram channel where we give early warnings to users about applications that may be a risk, and we publish blogs with technical details when possible.
HTTP is still faster than HTTPS and therefore still chosen for updates, or content loading when developers see fit. Unfortunately this choice is often made not thinking on at-risk users who may be under digital surveillance or targeted by governments and powerful organizations.
In the next gallery we showcase all the applications that we reported security issues to since this project started back in 2018, in the hope of making them better.