Popular messaging app JusTalk left a huge database of unencrypted private messages publicly exposed to the internet without a password for months.
The messaging app has around 20 million international users, while Google Play lists JusTalk Kids, billed as a child-friendly version of its messaging app, has racked up over 1 million Android downloads.
JusTalk says both its messaging apps are end-to-end encrypted and boasts on its website that “only you and the person you communicate with can see, read or listen to them: Even the JusTalk team won’t access your data!”
But that isn’t true. A logging database used by the company for keeping track of bugs and errors with the apps was left on the internet without a password, according to security researcher Anurag Sen, who found the exposed database and asked TechCrunch for help in reporting the lapse to the company.
Th …
