Storing passwords in plaintext is a bad idea. You’d think that the smarties at Netflix and Foursquare would know better. But the Wall Street Journal reports their Android versions—and other apps—do no such thing. Not good.
According to security firm viaForensics, the the Netflix, Foursquare, and LinkedIn apps for Android are storing your passwords without a trace of encryption. Square’s apps for both Android and iOS are vulnerable as well—albeit differently—revealing transaction and digital signature histories to prying hacker fingers.
Any responses, fellas? Foursquare, LinkedIn, and Netflix have all released mea clupas, saying they’re “working on” fixes for the unencrypted vitals. Square, on the other hand, blames global credit card standards for the data their app holds. Keep that in mind next time you swipe your card through someone’s phone. [WSJ]
