Your Data Is Not Protected Enough On Instagram, Nimbuzz And So On

Wednesday, September 10, 2014:  Researchers from University of New Haven have unveiled a host of data-leakage problems in Instagram, Vine, Nimbuzz, OoVoo, Voxer and other Android apps. The problem list includes storing images and videos in unencrypted form, storing chat logs in plaintext on the device, sending passwords in plaintext and storing screenshots of app usage.

Researchers have detailed about their findings in videos posted here, at the university's Cuber Forensics Research and Education Group's YouTube channel. The videos' posting started from Monday. Ibrahim Baggili, director of the university's Cyber Forensics Research and Education Group and editor in chief of the Journal of Digital Forensics, Security, and Law, said, "Security is an afterthought. People may assume that sending messages, pictures and location maps to friends using the same app is private, but it's not.”

The group detailed about the privacy problems in Viber text-messaging earlier this year. This time some of the problems are almost similar. In Viber, the service stored image files in unencrypted form on a public web server. The same thing is happening now with Instagram, OoVoo, Grindr, HeyWire and TextPlus. Some of the identified problems are: Tango and MessageMe which leave videos on a server in unencrypted form, apps which send text, images, location maps, music and video in unencrypted form and several apps which stored chat logs unencrypted on the device.

As per estimates, around 968 million people use these apps. Baggili said, with private messaging features, naturally, "your expectation for privacy is heightened.” But the data is not always protected. Unencrypted data was found by the researchers by monitoring network traffic of the devices and by examining files which are captured in the device's back-up software. Apps, running on iOS, have not been analysed by the research team, though.