(Subscribe to our Today's Cache newsletter for a quick snapshot of top 5 tech stories. Click here to subscribe for free.)
Several apps using the older version of Twitter-owned MoPub's software development kit (SDK) are exposing millions of their users' location data.
Seven apps have been sending users’ unencrypted GPS location data to MoPub’s servers, according to a report by International Digital Accountability Council (IDAC).
Twitter's MoPub provides monetisation services for global mobile app developers and publishers. MoPub's clients include popular gaming companies like Zynga, the creator of games such as Words with Friends 2 and Farmville.
MoPub’s failure to protect unencrypted data transmission is responsible for the data leak, the report stated.
Also read | Twitter flags Trump tweet on mail-in ballots over “disputed” content
The apps sending location data include Beach Cricket, Yellow Pages, Game Booster, Baby Care, Blue Light Filter for Eye Care, Ringtone Maker & MP3 Cutter, and Compass & Spirit Level. In total, these apps have over 86 lakh installs.
Apps using the MoPub SDK that have not updated to the current version continue to use older versions of the protocol, confirming that Twitter continues to support an unsecured mechanism of sending precise GPS location information for potentially millions of current app installations.