Dune! an app on the Google Play store that has been downloaded over five million times in the past few weeks, has been found to have a data and geolocation leak according to a blog post by Pradeo.
The gaming app Dune has been massively leaking data from each user's account. For example, the app geolocates each user's position and then relays their position to 32 distant servers which creates a huge security issue. The operating system version was leaked which allows others to know how vulnerable a system is, letting hackers decide if they are going to hack into the app's system based on their vulnerability.
According to Pradeo, 11 OWASP vulnerabilities were detected in the Dune! App putting users' at high risk of data leakage, denial of service and data corruption. The Dune! app embeds 20 libraries - many more than the average. For more than half of them the only purpose is to track users and get as much information as they can about them.