Wednesday, January 24, 2018

Jeeto Online App Audit

There is an app on the Play Store by the name of "Jeeto Online".

They claim to store personal (name, phone, email, FB, physical address, IMEI) and non-personal data under encryption.

Out of curiosity I audited the app's network transactions and could collect users' personal data simply by playing a man in the middle.

Sample for proof: (Personal information masked for privacy reasons)
Female data points used to show the sensitivity of the leak.


Also, to prove my point I made a Solutions app for their Quiz :D using the same attack.

For the curious here is my app.
https://play.google.com/store/apps/details?id=com.ideasrefined.jeetoonlineguide

So, stay vigilant when you are online. Not everything is what they say it is. Not just Pakistan, it's everywhere.

Spread the message :)