The mobile app of one of the most recognized mobile technology conferences in the world is reportedly leaking its attendees' personal information, according to new research.
Experts at mobile security firm Appthority ran the official Mobile World Congress Android app through its analysis framework and found some serious flaws.
The app collects the data – before authentication takes place – through “API calls to MWC servers” and includes attendee full names, addresses, company names and titles, in addition to data belonging to their social media accounts. The information is left in plain text in “a sqlite database within the resource folder” of the device. Appthority suggests that spammers could easily scrape the contact information without even attending the event in Barcelona.
The app could put the more than 100,000 attendees able to download it at risk if they don't take caution.