Social trivia app QuizUp accused of sending user data in plain text and deceiving players [update]

Social trivia app QuizUp accused of sending user data in plain text and deceiving players [update]

Hit trivia app QuizUp has come under fire for alleged privacy and security issues, including insecurely transferring contact information, using ghost players, and having weaknesses that could lead to cheating, according to researcher and iOS developer Kyle Richter. When questioned by TechCrunch, QuizUp’s developer, Plain Vanilla, denied most of the claims, while noting that a bug had potentially caused weakened encryption.

Plain Vanilla’s response didn’t address all of Richter’s accusations, which include a censored sample of a stranger’s Facebook information sent to the app when matched up for a game. It is, however, worth noting that Richter is the developer of a competing trivia game, so he’s not exactly an impartial observer.


While playing QuizUp, I’ve come to suspect that the game wasn’t always matching up users in real-time. Some of the game’s appeal comes from it being against real people, but many of the users feel like robots or ghosts. The bigger issue, however, is the allegations of misuse of and mishandling of player information.

Update: Plain Vanilla says that the bug in third-party server software has been fixed. Meanwhile, an update to the app has been submitted to Apple that should resolve the other vulnerability. The developer appears to be genuinely sorry about the mistakes, and has pledged to do its best to ensure that something like this doesn’t happen again.

The developer also acknowledged that match-ups against ghost players are a known feature that was intended to improve the user experience when the user base was still small.

While the situation has drawn comparisons to Path’s contact list troubles from last year, Plain Vanilla maintains that it wasn’t storing contact information and was only transferring email addresses to find friends as requested before immediately deleting the data.

➤ Our Responsibility as Developers [Kyle Richter]
➤ QuizUp Sends Personal User Info To Strangers, Company Says Bug Contributed To Weakened Security [TechCrunch]

Related: QuizUp for iPhone wants to be the biggest trivia game in the world

Read next: With a whopping half a million lights, this man gets an early Christmas gift: a world record

Corona coverage

Read our daily coverage on how the tech industry is responding to the coronavirus and subscribe to our weekly newsletter Coronavirus in Context.

For tips and tricks on working remotely, check out our Growth Quarters articles here or follow us on Twitter.