• Hacking News
    • Leaks
    • WikiLeaks
    • Anonymous
  • Tech
    • Android
    • Apple News
    • BlackBerry
    • Google News
    • Microsoft
    • Motorola
    • Nokia
    • Samsung
    • 3D
  • Cyber Crime
    • Phishing Scam
  • How To
  • Cyber Events
    • Censorship
    • Cyber Attacks
  • Security
    • Malware
  • Surveillance
    • Drones
    • NSA
    • Privacy
  • Explore
    • Gaming
    • Science
    • Viral
HackRead
  • February 28th, 2021
  • Home
  • Advertise
  • Privacy Policy
  • Contact Us
HackRead
  • Hacking News
    • Leaks
    • WikiLeaks
    • Anonymous
  • Tech
    • Android
    • Apple News
    • BlackBerry
    • Google News
    • Microsoft
    • Motorola
    • Nokia
    • Samsung
    • 3D
  • Cyber Crime
    • Phishing Scam
  • How To
  • Cyber Events
    • Censorship
    • Cyber Attacks
  • Security
    • Malware
  • Surveillance
    • Drones
    • NSA
    • Privacy
  • Explore
    • Gaming
    • Science
    • Viral
  • Follow us
    • Facebook
    • Twitter
    • Linkedin
    • Youtube
Home
Technology News
Android

Dune! Game App Leaking Sensitive Data of Millions of Android Users

December 16th, 2017 Waqas Security, Android, Leaks, Privacy 0 comments
Dune! Game App Leaking Sensitive Data of Millions of Android Users
Share on FacebookShare on Twitter

Last week HackRead exclusively reported how a Fidget more spin app on Play Store is sending other apps data on an Android device to a server based in China. Now, security firms Pradeo’s researchers have identified that a popular game app on Play Store is performing quite a few unfavorable functions than what it is supposed to be.

According to their findings, the app called Dune! is actually plagued with a number of OWASP flaws and is constantly leaking sensitive data. It is also claimed that Dune! can facilitate the execution of denial of service attacks and can also perform data corruption.

It is rather unfortunate that Dune! has been downloaded 5 to 10 million times only in the past few weeks and currently is it listed in the Top Apps category of the Play Store.

Dune! Game App on Play Store Leaking Sensitive Data of Users

Dune! on Play Store

The app can leak critical private data including country code, device manufacturer, server provider, device’s commercial name, type of telephone network, battery level, device model number and operating system. Furthermore, it can also geolocate the device user although it is a gaming app and this sort of functionality is not required for the execution of the game.

It was noted that the stolen data is sent to 32 servers and due to the presence of 11 OWASP vulnerabilities including those that provide permission to other apps for bypassing security access, it is possible for third parties to collect sensitive data. Moreover, the app contains an excessively high number of external libraries and half of them are enabled with the capability of tracking users and obtaining as much information as possible.

In their official blog post, the researchers wrote that the app has 20 libraries, which is an above average number, and these libraries silently connect the device to unknown servers and perform data leakage.

Then there are the Broadcast-Service and Broadcast-Receiver vulnerabilities that also allow data leakage and denial of service attack to be executed. Also present is the URL canonicalization vulnerability that eventually paves way for directory traversal vulnerability and the X.509Trustmanager bug allows an attacker to access and read transmitted data as well as modify it on HTTPS connection.

It is evident that this app can be really dangerous for users especially government employees because sensitive data will be leaked without the knowledge of the user. An attacker can easily get to know the exact location of the user and use the information while performing other attacks.

 

  • Tags
  • Android
  • Data
  • Geolocation
  • Google Play
  • internet
  • LEAKS
  • Privacy
  • security
Facebook Twitter LinkedIn Pinterest
Previous article Keeper Password Manager in Windows 10 Exposed Saved Passwords
Next article Russian oil pipeline computer hacked to mine Monero coins
Waqas

Waqas

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism

Related Posts
Microsoft release open-source CodeQL queries to hunt SolarWinds hacks

Microsoft release open-source CodeQL queries to hunt SolarWinds hacks

Hackers using malicious Firefox extension to phish Gmail credentials

Hackers using malicious Firefox extension to phish Gmail credentials

Botnet Abusing Bitcoin Blockchain To Evade Detection

Botnet Abusing Bitcoin Blockchain To Evade Detection

Newsletter

Get the best stories straight into your inbox!



Don’t worry, we don’t spam

Latest Posts
Microsoft release open-source CodeQL queries to hunt SolarWinds hacks
Microsoft

Microsoft release open-source CodeQL queries to hunt SolarWinds hacks

Hackers using malicious Firefox extension to phish Gmail credentials
Security

Hackers using malicious Firefox extension to phish Gmail credentials

Apple Glass may feature 3D Audio and Self-Cleaning in new patent
Technology News

Apple Glass may feature 3D Audio and Self-Cleaning in new patent

HACKREAD is a News Platform that centers on InfoSec, Cyber Crime, Privacy, Surveillance and Hacking News with full-scale reviews on Social Media Platforms & Technology trends. Founded in 2011, HackRead is based in the United Kingdom.

Follow us