iOS Dropbox and Facebook apps present a big security hole

On April 7, 2012

Nobody likes having their privacy invaded, and both lawmakers and app developers have taken many steps to ensure that users' privacy is well protected. However, we do not think the same can be said of the Dropbox and Facebook apps on both iOS and Android.

This is because the authentication key for the applications is not encrypted but is instead available in plain text. That is a big security flaw, because anyone who has access to the application will be able to spoof the identity of the user. What is more disturbing is that the expiry date for this authentication key is 1 Jan 4001. Suffice it to say that anyone who gets the authentication key can use it for an unlimited period of time, or until the user decides to close his or her account.
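A defender-side check for the two conditions described above (a credential readable in plain text and an expiry set far in the future), as an added example that is not from the original article or from either app. It assumes the app keeps its settings in a property list; the key-name patterns, the 90-day ceiling and the sample plist are constructed for illustration.

```python
import plistlib
import re
from datetime import datetime, timedelta

# Key-name patterns are assumptions; tune them to the app under review.
SECRET_KEY = re.compile(r"(token|secret|session|auth|password|api[_-]?key)", re.I)
EXPIRY_KEY = re.compile(r"(expir|valid[_-]?until)", re.I)
MAX_LIFETIME = timedelta(days=90)  # assumed policy ceiling for a stored credential


def audit_plist(data: bytes, now: datetime) -> list[tuple[str, str]]:
    """Return (key path, finding) pairs for a preferences plist."""
    findings = []

    def walk(node, path):
        if isinstance(node, dict):
            for key, value in node.items():
                walk(value, f"{path}/{key}")
        elif isinstance(node, list):
            for i, value in enumerate(node):
                walk(value, f"{path}[{i}]")
        else:
            name = path.rsplit("/", 1)[-1]
            if isinstance(node, datetime) and EXPIRY_KEY.search(name):
                # Expiry so distant that the credential is effectively permanent.
                if node - now > MAX_LIFETIME:
                    findings.append((path, "long-lived expiry"))
            elif isinstance(node, (str, bytes)) and node and SECRET_KEY.search(name):
                # Readable by anyone who can copy the file; belongs in the
                # platform's protected credential store instead.
                findings.append((path, "plaintext credential"))

    walk(plistlib.loads(data), "")
    return findings


# Constructed sample: not taken from either app.
SAMPLE = plistlib.dumps({
    "DisplayName": "Example User",
    "Session": {
        "AccessToken": "CONSTRUCTED-TOKEN-VALUE",
        "ExpirationDate": datetime(4001, 1, 1),
    },
})

if __name__ == "__main__":
    for path, finding in audit_plist(SAMPLE, datetime(2012, 4, 7)):
        print(f"{finding}: {path}")
```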

Credit goes to security researcher Gareth Wright for discovering this security hole. He did note that there is still no evidence that the method has been used to gain access to the user’s information. However, he does expect the two applications to release an update in the future to put a stop to this security hole.