Teather used a proxy tool to determine that YikYak sent both the precise GPS position and user ID with every message, even if users would normally only see vague distances and city identifiers. An independent researcher verified the findings for Motherboard, although it’s not clear if anyone has exploited the flaw so far.
Yik Yak hasn’t responded to requests for comment so far. The developer released three updates between April 28th and May 10th, but it’s not yet certain if they completely address exposed locations. However, it’s safe to say that the issue left users at risk, especially if they shared any sensitive information with local chatters.
All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
social experiment by Livio Acerbo #greengroundit #engadget – original source here