There is an app on playstore by the name of "Jeeto Online".
They claim to store personal (name, phone, email, FB, physical address, IMEI ) and non-personal data under encryption .
Out of curiosity I audited the App's network transactions and could collect user's personal data simply by playing a Man in the middle.
Sample for proof : (Personal information masked for privacy reasons)
Female data points used to show the sensitivity of the leak.
Also, to prove my point I made a Solutions app for their Quiz :D using same attack.
For the curious here is my app.
https://play.google.com/store/apps/details?id=com.ideasrefined.jeetoonlineguide
So, stay vigilant when you are online. Not everything is what they say it is. Not just Pakistan, its everywhere.
Spread the message :)
They claim to store personal (name, phone, email, FB, physical address, IMEI ) and non-personal data under encryption .
Out of curiosity I audited the App's network transactions and could collect user's personal data simply by playing a Man in the middle.
Sample for proof : (Personal information masked for privacy reasons)
Female data points used to show the sensitivity of the leak.
Also, to prove my point I made a Solutions app for their Quiz :D using same attack.
For the curious here is my app.
https://play.google.com/store/apps/details?id=com.ideasrefined.jeetoonlineguide
So, stay vigilant when you are online. Not everything is what they say it is. Not just Pakistan, its everywhere.
Spread the message :)
