When you download the app, it asks for access to your location so it can start helping you find friends to get high with, but rather than sending this securely to a remote server, the app does the work locally on your phone.
With a bit of tech know-how provided by Synack hacker Oren Yomtov, a nearby home router was used to intercept personal information going between the phone and the app platform, and even accurately locate users.
Synack called the app, which currently has 150,000 users, an “incredibly useful tool” for police.
In response to the findings, HighThere said:
HighThere! considers user privacy as a top priority. And for the past several months, we have been working diligently to enhance our current measures of protecting data. This work will be completed in the very near future, with an upcoming release that will include industry standard encryption, throughout all levels of the application.
Sure, some in the tech industry are working hard to make viable businesses out of pot smoking in places where it’s legal, but this one has “student project level” security and should be avoided – even if the download page implies there are hot stoner girls waiting to meet you.
There probably aren’t.