Security Architecture, Endpoint/Device Security, Endpoint/Device Security, Security Strategy, Plan, Budget, Incident Response, TDR, Endpoint/Device Security, Endpoint/Device Security, Endpoint/Device Security

Coupon app on Android leaks sensitive user data, report indicates

The Coupons App, an Android app that presents consumers with shopping discounts, is continuously sending unencrypted sensitive user data across the network, app risk management service Appthority told a publication this week.

That information includes device IDs, International Mobile Station Equipment Identity (IMEI) numbers, phone numbers, email addresses, zip codes and geolocations of devices, according to the report, which adds that the data could easily be stolen in a man-in-the-middle attack because it is unencrypted.

The app also leaks the “referer” HTTP header field, which identifies the previous website after a link was followed.

Appthority suggested in the article that The Coupons App may be unknowingly leaking information, meaning the permissions warning presented to users prior to downloading the app may be misleading.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.