Another Fitness App Exposes Users' Data
Independent Researcher Finds PumpUp Data Was Accessible on Unsecured Amazon Server.
For at least the third time in recent months, a mobile fitness app maker apparently has exposed consumers’ sensitive personal information.
So what are the makers of these apps doing wrong when it comes to security?
The PumpUp breach appears to have resulted from misconfigured security controls, notes Keith Fricke, tw-Security partner and principal consultant.
“App makers need to ensure their quality assurance processes not only check for secure coding practice, but configuration management/change management practices need to keep a close eye on maintaining security controls, even the basic ones such as passwords in this case.”
Fricke says consumers should always carefully read vendors’ end-user license agreements “and try to understand what expectations the vendor providing the mobile health app sets regarding privacy.”