That tracker app you installed on your family members' smartphones may be providing more information than you think, and not just to you.
German researchers at the Fraunhofer Institute analyzed 19 legal tracker apps available in the Google Play Store. The researchers closely examined how the apps collect information and how they protect highly sensitive user data.
Their analysis of all 19 apps revealed 37 major vulnerabilities, and none of the apps was programmed with default security features in place.
The research team stresses that tracker apps have legitimate uses. Parents often use them to monitor their children's location and to see messages and pictures they post online. They're perfectly legal so long as the person being monitored is aware of it and agrees to it.
Data stored in plain text
The researchers take issue with these apps' security features, or rather the lack of them. They found that most apps store highly sensitive data on a server in plain text, without any type of encryption.
"We only had to open up a certain website and guess or enter a user name into the URL to retrieve an individual's movement profile," said Siegfried Rasthofer, who headed the project.
The researchers said they were able to read out complete movement profiles for all app users, not just the ones being monitored. They suggest this security flaw could allow thousands of people to be tracked in real time.
"It enables total surveillance," said Stephan Huber, a member of the research team.
Lack of proper encryption
The researchers said they were also able to read the app users' login information because the developers either used improper encryption or no encryption at all. In one app, the team was able to easily access 1.7 million login credentials.
The Fraunhofer researchers said they informed the app developers and the Google Play Store team of their findings. They say Google has removed 12 of the 19 apps from its store.
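The two flaws described above, movement profiles returned to anyone who supplies a user name and login data kept without proper protection, are contrasted with a corrected pattern in the following added example. It is not code from the apps or from the Fraunhofer researchers; the function names, the in-memory stores and the sample data are assumptions constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample data; every name and coordinate here is hypothetical.
PROFILES = {"alice": [(49.87, 8.65), (49.88, 8.66)], "bob": [(50.11, 8.68)]}
MAY_VIEW = {"parent1": {"alice"}}  # monitor -> accounts that agreed to be monitored
USERS, SESSIONS = {}, {}

def _hash(password, salt):
    # Salted, memory-hard hash so the stored value does not reveal the password.
    return hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1)

def register(username, password):
    """Store a random salt and the scrypt hash, never the password itself."""
    salt = secrets.token_bytes(16)
    USERS[username] = (salt, _hash(password, salt))

def login(username, password):
    """Return a random session token, or None if the credentials are wrong."""
    record = USERS.get(username)
    if record is None:
        return None
    salt, stored = record
    if not hmac.compare_digest(_hash(password, salt), stored):
        return None
    token = secrets.token_urlsafe(32)
    SESSIONS[token] = username
    return token

def profile_insecure(username):
    """The flawed pattern: whoever supplies a user name gets that profile."""
    return PROFILES.get(username)

def profile_checked(token, username):
    """Identify the caller from the session, then check the caller's rights."""
    caller = SESSIONS.get(token)
    if caller is None:
        raise PermissionError("not logged in")
    if username != caller and username not in MAY_VIEW.get(caller, set()):
        raise PermissionError("not authorised for this profile")
    return PROFILES.get(username)
```

The checked version never trusts the user name in the request to decide who is asking; it only uses it to say which profile is wanted.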