Fontys S7

Vulnerability analysis app

We all have apps on our phones, and we generally don't think of them as possibly insecure. So I took the liberty of checking a really popular app to see how secure it really is.

This was not what I expected. I thought a big company with a really popular app surely would spend a lot of time and effort on security and probably nothing would show up as an issue. So let's dive a little deeper into these issues.

A lot of these issues are about insecure or legacy hashing and encryption algorithms. I think it might have something to do with backwards compatibility or performance, but if this isn't the case they should really look into modernising these issues and using newer algorithms. Using such a weak algorithm to secure your messages really makes me wonder if they can really call their messaging service end-to-end encrypted.

This is the only issue that is worrying me. It looks like there is a permission leak on one of the APIs that could be exploited by another malicious app on your phone. I don't know what this API is being used for or what it can do, but if it can access location services or read messages, this could be a big problem.