Mobile, TDR

Coupon app on Android leaks sensitive user data, report indicates

January 7, 2014

The Coupons App, an Android app that presents consumers with shopping discounts, is continuously sending unencrypted sensitive user data across the network, app risk management service Appthority told a publication this week.

That information includes device IDs, International Mobile Station Equipment Identity (IMEI) numbers, phone numbers, email addresses, zip codes and geolocations of devices, according to the report, which adds that the data could easily be stolen in a man-in-the-middle attack because it is unencrypted.

The app also leaks the “referer” HTTP header field, which identifies the previous website after a link was followed.

Appthority suggested in the article that The Coupons App may be unknowingly leaking information, meaning the permissions warning presented to users prior to downloading the app may be misleading.

prestitial ad