Pinterest Stumbleupon Whatsapp
Advertisement

Mentally, we often give the world’s most popular apps a free pass when it comes to security.

If the brand is a household name, a huge number of people use the service, and the companies behind them are responsible for a vast amount of private data, there’s no way that the app itself could be insecure and riddled with flaws, right?

Wrong.

In fact, some highly-recognizable pieces of software are among the worst offenders. Let’s look at five popular apps with significant security vulnerabilities.

1. Hola Unblocker

I’ll kick off with Hola Unblocker. The free VPN provider used to be one of the most popular apps in the Chrome Web Store thanks to its ability to circumnavigate geo-locked content 5 Ways to Bypass Blocked Sites Without Using Proxies or VPNs 5 Ways to Bypass Blocked Sites Without Using Proxies or VPNs You're at work or school, but want to view a blocked website. You could try a proxy or VPN, but there are alternatives that you -- and the IT department -- might have overlooked... Read More .

However, as more and more people started using the service, questions arose. It quickly transpired the peer-to-peer VPN technology the app deployed meant its users were unwittingly participating in a giant botnet Hola is Basically a Botnet, Congress Redirected to Nude Photos, & More... [Tech News Digest] Hola is Basically a Botnet, Congress Redirected to Nude Photos, & More... [Tech News Digest] Also: Google offers unlimited photo storage, how you can pretend to be a destructive cat, and YouTube celebrates its 10th anniversary. Read More . Your computer was merely an exit node on the network.

In layman’s terms: if you’re running Hola, other people are using your internet connection to browse the web. It’s so hazardous for your security that the Electronic Frontier Foundation explicitly recommends against allowing it.

To make matters worse, Hola is selling access to exit node bandwidth (i.e. your computer) for $20 per gigabyte under the name of “Luminati.” The company is profiting from your insecurity.

What to Use Instead — A leading premium VPN provider The Best VPN Services The Best VPN Services We've compiled a list of what we consider to be the best Virtual Private Network (VPN) service providers, grouped by premium, free, and torrent-friendly. Read More . Free ones are tempting, but there will often be privacy implications.

2. Uber

In 2014, Uber became embroiled in a bitter row over its “God View”.

It allowed any one of its employees to track any passenger’s movements, with the situation coming to a head when one of the firm’s directors started tracking a Buzzfeed journalist who was reporting on the claims.

There’s a lot you can tell about a person from their location. When they arrive at and leave work, if they’re spending the night at home or frequently somewhere else, how religious someone is based on their location on Sundays. Location is a sensitive thing that wraps a lot of other sensitive things.

— Parker Higgins, activist at the Electronic Frontier Foundation

Since the incident, Uber has updated its terms. Drivers can only access travel records to settle disputes and fix bugs.

But the app still has issues. In 2016, a Londoner discovered someone had hacked her account and billed her for five rides in Guadalajara, while another British person got a bill for $600, for trips in New York, despite never visiting the United States. They are far from the only victims.

uber brand

U.S. authorities are currently involved in an ongoing investigation into the company’s “phantom rides,” though Uber itself claims it “found no evidence of a breach at [the company]”. The case continues…

What to Use Instead — Your bike?!

3. Angry Birds

When combined, the various iterations of the Angry Birds series have been downloaded more than two billion times. It makes the app an attractive proposition for hackers.

But in this case, it’s not hackers you need to worry about. Instead, it’s the government. Both the NSA and Britain’s GCHQ used the game to grab users’ age, gender, and location. A leaked classified report in 2012 in the U.K. even included a code for mining entire user profiles on Android devices.

angry birds promo

And even if government surveillance doesn’t concern you What Does the NSA Court Ruling Mean for You and The Future of Surveillance? What Does the NSA Court Ruling Mean for You and The Future of Surveillance? A US appeals court has ruled that bulk collection of phone record metadata by the National Security Agency (NSA) is illegal. But what does this mean for your privacy? Are you still being watched? Read More , the app has developed a reputation for aggressive ad libraries that snatch your phone’s call logs, your signal, carrier, device ID, and number.

What to Use Instead — We’ve covered hundreds of Android and iOS games elsewhere on the site. Whether you want retro classics 5 Best Retro Games That You Can Emulate On Android 5 Best Retro Games That You Can Emulate On Android Emulation allows you to play retro games on your PC, but have you tried it on your phone? Here are five fantastic titles to try on your Android device. Read More  or something casual 7 Great Android Games For Casual Gaming 7 Great Android Games For Casual Gaming For those of you who love to play games in random idle moments, here's a list of great games which are entertaining, cheap, casual, silly and easy to pick up and set down. Well okay,... Read More , you’ll be able to find one to suit your tastes.

4. Any Yahoo App

How many times does a company need to be the victim of a massive data breach before you simply stop using it?

Yahoo has consistently been in the headlines for all the wrong reasons over the last few years, but no story has been more worrisome for end users than the December 2016 revelation that one billion accounts had been compromised. The hackers used “forged cookies” so a browser didn’t prompt users for a password on every visit.

Worst of all, it took Yahoo almost two and a half years to discover the issue and make the news public. In conjunction with the 2014 theft of 500 million user details, it points to a company in crisis with no control of its internal systems.

Do you trust Yahoo to keep you safe? I certainly don’t. My advice? Delete any apps and close your account today.

What to Use Instead — The list is endless. Need an email address The Best Free Email Accounts You Need to Consider The Best Free Email Accounts You Need to Consider Everyone knows about Gmail. If you think that's the best free email account out there, you're underestimating all the other services. You have options and we have the details. Read More ? Use Gmail. Looking to replace the excellent Yahoo Finance? There are lots of alternatives 10 Financial Websites That Help You Stay On Top Of The Market 10 Financial Websites That Help You Stay On Top Of The Market If you want to make the most of your money, you're going to need to stay on top of financial news. Here are 10 sites that make it easy. Read More . Need a weather app? Try Wunderground or The Weather Channel 7 Best Free Weather Apps for Android 7 Best Free Weather Apps for Android Read More .

5. Adobe Flash Player

Does any self-respecting internet user still have Flash installed on their machine? Apparently, the answer is Yes.

Today, it’s used on fewer than 10 percent of the world’s websites. Almost all modern ones no longer rely on it. In fact, it’s mainly become a method for serving ads.

We saw the most severe vulnerability in 2011 when experts discovered Flash enabled “webcam spying” — hackers could trick users into unwittingly activating their webcam and microphone using “click-jacking” techniques.

But the situation has barely improved. In the first six months of 2015, experts unearthed a barely-believable 94 vulnerabilities. They included 32 flaws that allowed Denial of Service attacks What Exactly is a DDoS Attack and How Does it Happen? What Exactly is a DDoS Attack and How Does it Happen? Do you know what a DDoS attack does? Personally, I had no idea until I read this infographic. Read More , 68 that allowed code execution from malicious sources, and 13 that allowed attackers to steal information directly from a victim’s computer.

Adobe has moved quickly to fix the vulnerabilities in most cases. However, in February 2010 it was forced to apologize after not fixing a known problem for more than a year.

Annoyingly, the company does not specify which holes it’s closing in its near-daily security updates. Thus, it’s impossible to know how many serious issues the developers have closed without the public ever knowing about them.

What to Use Instead — HTML5. The latest version of the markup language has rendered Flash almost irrelevant Google Chrome Kills Flash, Using HTML5 by Default Google Chrome Kills Flash, Using HTML5 by Default Google is finally ditching Adobe Flash, and switching to HTML5 by default. If everything goes according to plan, Adobe Flash will be virtually dead by October 2017. Read More .

Who Can You Trust?

Of course, this list is not exhaustive. In the current climate, it’s virtually impossible to definitively say any app is 100 percent secure.

As a user, your only weapon in the fight is the web. If you’re serious about your security, make sure you do your due diligence before signing up to a new app or service — especially if it needs personal information or your credit card details.

Which woefully insecure apps would you add to this list? Let me know in the comments below.

Leave a Reply

Your email address will not be published. Required fields are marked *

  1. John Smith
    April 11, 2017 at 6:57 pm

    Uninstall Uber?
    Yet no mention of Facebook, Instagram, Whatsapp, snapchat, skype, or pretty much ANY social networking/chat app.
    At least Uber is useful, and they tell you in advance they collect data about your location, which is essential to their business.
    Also funny how you list Uber but not Lyft, which pretty much is the same business model.

  2. Shafiq Khan
    March 29, 2017 at 10:37 am

    Any Yahoo App - Does this mean Flickr too?

  3. Doc
    March 28, 2017 at 5:48 pm

    I've still got one Facebook game that requires Flashplayer, so you'll get it when you pry it out of my cold, dead fingers. (I've recently switched to playing on Chromium, so I'm using Google's PepperFlash, but still...)

  4. Jack
    March 28, 2017 at 5:27 pm

    Unfortunately, for Flash Player I found that when I used Adobe software uninstaller for windows 10, I found that windows 10 added it back again.

    • Rockstarrocks
      March 29, 2017 at 6:29 pm

      I don't think adobe flash, which is preinstalled in Win10 can be removed just like preinstalled UWP apps. (Although u could try some powershell cmds, but for me it didn't work.)

    • Shadow
      May 15, 2017 at 11:53 pm

      I have the same problem. But it doesn't add the Flash Player again, but the folders.

    • Shadow
      May 15, 2017 at 11:55 pm

      In my case it doesn't reinstall the Player itself. But I see that the folder are back after uninstall.

  5. TA
    March 28, 2017 at 2:17 pm

    Sigh... look, I *know* Yahoo! is a security car-crash of a company, but in the list of "exit-ramps" you gave for them, you ignored the 800-pound, snarling, chest-thumping gorilla in the room...

    ...Flickr. I am a Flickr Pro user, and have over 8,000 of my photos there (uploaded over more than a decade). If there was an alternative service that genuinely outshone Flickr in every way that mattered, and provided a straightforward means of migrating content, I'd drop Flickr and its hapless owner faster than a potato plucked straight from a reactor core.

    Failing that, I live in hope that Yahoo! will sell (or be forced to sell) off Flickr, but I suspect it's the only reason that many people keep their Y! accounts, so Y! will probably ll cling to Flickr until it's hydraulic-spreader-ed out of their cold dead claws...