Hit trivia app QuizUp has come under fire for alleged privacy and security issues, including insecurely transferring contact information, using ghost players, and having weaknesses that could lead to cheating, according to researcher and iOS developer Kyle Richter. When questioned by TechCrunch, QuizUp’s developer, Plain Vanilla, denied most of the claims, while noting that a bug had potentially caused weakened encryption.
Plain Vanilla’s response didn’t address all of Richter’s accusations, which include a censored sample of a stranger’s Facebook information sent to the app when matched up for a game. It is, however, worth noting that Richter is the developer of a competing trivia game, so he’s not exactly an impartial observer.
While playing QuizUp, I’ve come to suspect that the game wasn’t always matching up users in real-time. Some of the game’s appeal comes from it being against real people, but many of the users feel like robots or ghosts. The bigger issue, however, is the allegations of misuse of and mishandling of player information.
Update: Plain Vanilla says that the bug in third-party server software has been fixed. Meanwhile, an update to the app has been submitted to Apple that should resolve the other vulnerability. The developer appears to be genuinely sorry about the mistakes, and has pledged to do its best to ensure that something like this doesn’t happen again.
The developer also acknowledged that match-ups against ghost players are a known feature that was intended to improve the user experience when the user base was still small.
While the situation has drawn comparisons to Path’s contact list troubles from last year, Plain Vanilla maintains that it wasn’t storing contact information and was only transferring email addresses to find friends as requested before immediately deleting the data.
➤ Our Responsibility as Developers [Kyle Richter]
➤ QuizUp Sends Personal User Info To Strangers, Company Says Bug Contributed To Weakened Security [TechCrunch]