Wandera researchers spotted an app designed to keep users physically safe putting users at risk by leaking their information.
PanicGuard is a “24/7 personal security” app, which allows users to shake their device in the event of an emergency to set off an alert that sends messages, including the user's location, to a predefined list of contacts and or the proper authorities.
Users are required to enter their first and last names, email address, date of birth, and emergency contact information however, all of this information is transferred in plain text meaning the HTTP connection used to send the information to the app's server is extremely insecure, according to a 20 June blog post.
Transferring sensitive information over HTTP is a known security risk that the app's developers should have avoided and as a result of their error, researchers said as many as 100,000 people could be at risk of having their data intercepted.
It is unclear if the issue has been resolved yet and PanicGuard has yet to respond to SC Media's request for comment.