The mobile software industry is no stranger to large-scale leaks. A popular RPG on the Google Play Store Guidus just leaked data on a ton of its sizable user base. This leak, according to Cybernews, was avoidable, and it could have been a lot worse.
Guidus isn’t quite Genshin Impact, but it was able to garner a decent user base. The app has over 100k downloads, and the 4.2-star rating is the icing on the cake. It’s a nice-looking pixelated RPG with solid gameplay. Looking at it, we can tell that the app is legit, so what about the leak?
Guidus allowed players’ data to be leaked
Starting off, the situation sounds worse than it actually is, but it still needs to be highlighted. As per the source, the developers, Izzle, hardcoded sensitive data into the client side of the app. This meant that this data was accessible to just about anyone.
On the scale of leaked data, this information wasn’t bad at all. The information that people could access all pertained to the player’s progress. This includes their in-app currency and their progress through the game. If a bad actor got access to that information, they could erase that data and cause a player to lose their progress. That’s frustrating in and of itself, but it gets worse.
The developers also left keys hardcoded to the client end of the app. The Cybernews research team said that “Hardcoding sensitive data into the client side of an Android app is a bad idea…In most cases, it can be easily accessed through reverse engineering.” If a bad actor does access those keys, they might be able to get ahold of even more sensitive data on a player.
Izzle was told that Guidus leaked the data, but the company has yet to fix the problem. We’ll have to wait to see if the company does issue some sort of patch.
The post This popular Android RPG just leaked a ton of player information appeared first on Android Headlines.

Source: ndroidheadlines.com