I recently came across, just by happenstance, a request made from the SpeedTest 3.6.1 application. This application has legitimate purposes and there is nothing wrong with it if you know what you're agreeing to. But what I thought was slightly disturbing, and I'm sure this exists on tons and tons of other iPhone apps as well, is that in plain text in the URL as a query string parameter, the exact GPS location (latitude and longitude) of your phone is sent out. I confirmed this works, and was able to track the phone to the exact building and get a pic from Google Earth. Plus I now know the exact version of the phone and its operating system. Freaky. It's like straight out of CSI Cyber :-P Protect that data, developers!
Sample URL:
hxxp://www.speedtest.net/api/ios-config.php?&carrier=REDACTED&connection=2&configConnType=LTE&model=iPhone7%2C2&version=8.4.1&appversion=3.6.1.12&serverid=-1&lat=REDACTED&lon=REDACTED
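A defender's check for this kind of leak, as an added example that is not part of the original post: it scans captured request URLs (for instance, from a proxy log) for numeric lat/lon parameters and device identifiers sent over plain HTTP. The parameter names come from the sample URL above; the coordinates, function names and sample list are constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qsl

# Parameter names taken from the sample URL in the post.
LOCATION_KEYS = ("lat", "lon")
DEVICE_KEYS = ("carrier", "model", "version", "appversion")


def is_coordinate(key, value):
    """True if value is a number within the valid range for lat or lon."""
    try:
        number = float(value)
    except ValueError:
        return False  # e.g. "REDACTED" or an empty value
    limit = 90.0 if key == "lat" else 180.0
    return -limit <= number <= limit  # NaN and inf fail this comparison


def audit_url(url):
    """Report what one captured request URL exposes in its query string."""
    if url.lower().startswith("hxxp"):  # undo defanging used in write-ups
        url = "http" + url[4:]
    parts = urlsplit(url)
    params = dict(parse_qsl(parts.query, keep_blank_values=True))
    location = [k for k in LOCATION_KEYS if is_coordinate(k, params.get(k, ""))]
    device = sorted(k for k in DEVICE_KEYS if params.get(k))
    return {
        "host": parts.hostname,
        "cleartext": parts.scheme == "http",
        "device_params": device,
        "leaks_location": len(location) == len(LOCATION_KEYS),
    }


def cleartext_location_leaks(urls):
    """Hosts that received a full lat/lon pair over unencrypted HTTP."""
    reports = (audit_url(u) for u in urls)
    return sorted({r["host"] for r in reports if r["cleartext"] and r["leaks_location"]})


# Constructed sample: same shape as the post's URL, with made-up coordinates.
BASE = ("://www.speedtest.net/api/ios-config.php?&carrier=REDACTED&connection=2"
        "&configConnType=LTE&model=iPhone7%2C2&version=8.4.1&appversion=3.6.1.12"
        "&serverid=-1")
SAMPLE_URLS = [
    "hxxp" + BASE + "&lat=12.3456&lon=-65.4321",   # cleartext, real coordinates
    "https" + BASE + "&lat=12.3456&lon=-65.4321",  # same data, but over TLS
    "hxxp" + BASE + "&lat=REDACTED&lon=REDACTED",  # the post's redacted form
]

if __name__ == "__main__":
    print(cleartext_location_leaks(SAMPLE_URLS))
```

Sending the same parameters over HTTPS hides them from the network path, but they can still end up in server and proxy access logs because they are part of the URL.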
Copyright © 2015, this post cannot be reproduced or retransmitted in any form without reference to the original post.