QuizUp Allegedly Caught Leaking Private Information About Users

Posted Nov 26, 2013

QuizUp is a new iPhone game that was released on the Apple App Store earlier this month.  The app hit 2 million users, but they may have been leaking private information that was stored on your phone.  That information was sent to other users, according to Kyle Richter, developer of a competing trivia app called Trivium.

QuizUp did find two bugs and one of them was fixed. The other bug will be fixed when Apple allows the app to be updated on the Apple App Store.  QuizUp lets players compete against friends and strangers in over 300 categories of trivia. After signing up, the app asks for access to your e-mail contacts or Facebook friends.

“In the case of QuizUp they actually send you other users? personal information via plain-text(un-hashed); right to your iPhone or iPod touch. This information includes but isn?t limited to: full names, Facebook IDs, email addresses, pictures, genders, birthdays, and even location data for where the user currently is. I have been able to access the personal information of hundreds of people who I have never met, and had no interaction with other than we both used QuizUp. These people likewise had access to my personal information. It is important to keep in mind these were not people who added me as friends inside of the app, these were complete strangers in every sense,” stated Richter in a blog post.

QuizUp said that no information was leaked by the bug and they are not storing user information on servers.

[Source: BI]