The Wall Street Journal takes a look at the privacy problems that have occurred with some apps on mobile devices, such as smartphones or tablets.
Computer security firm viaForensics has found the applications for top Internet companies LinkedIn Corp., Netflix, Inc., Foursquare and Square, Inc. stored various forms of users’ personal data in plain text on a mobile device, putting sensitive information at risk to computer criminals.
The Android applications of LinkedIn, Netflix and Foursquare stored user names and passwords in unencrypted form on their Google-powered devices.
Storing that data in plain text violates a commonly accepted best practice in computer security. Since many people tend to use the same usernames and passwords across any number of sites, the failing could help hackers penetrate other accounts. […]
A hacker would need skill and luck to exploit the vulnerabilities –- either via physical access to a person’s phone or through malicious software that is installed on the device — scenarios that could open bigger security risks than those created by the password problem alone.
Still, the opening is a concern.
“Data should not be stored on a phone,” said Andrew Hoog, chief investigative officer of viaForensics, which is based in Chicago. If data is stored on a phone, he said, it should be encrypted. […]
The apps exposed other types of personal data in plain text on cell phones –- like emails sent from the app by a LinkedIn member, or the movie queue of a Netflix app user, or search history under Foursquare’s Places tab.