Roskoshestvo checked the clones of the social network of “Vkontakte” for music listening in order to understand whether they can be trusted with personal information. Clones appeared after the application of the social network was to limit listening to music.
For testing was selected nine popular applications in the Google Play store. Some of them disappeared from Google Play, but the next day reappeared under new names. In the App store such applications was not due to policy of Apple.
As it turned out, all verified application requests reasonable permissions. Unjustified giving the opportunity to “spy” users, having access to contacts, photos, camera, and other sources of information. The personal data they transmit is encrypted, malicious software was found.
But revealed a vulnerability. For example, an insecure implementation of the SSL and the lack of verification of the host certificate. Every second app found XSS, then the attacker has the ability to forge a link to the server and redirect the person to a third-party resource, where there is a risk of leakage of personal data and download malicious programs on the user device.
The main vulnerability check applications is the threat of losing control of your account in the social network. Moreover, if the username and password used on other sites. In this case, they are under threat.
According to the head of the Centre for digital expertise Roskoshestvo Anton Kukanova, Roskoshestvo is not recommended to use third-party social networking apps, including those designed for listening to music “Vkontakte”. To protect your account, he advises using two-factor authentication. Support of “Vkontakte” also warned that when you use applications, you can lose the page.
Read more •••