How Burger King Russia Secretly Records Screens With Sensitive Information


The following article is courtesy of Fennikami.

Today, I finally got my hands on the widely advertised Burger King App (the one that promises to give free burgers and promo codes for friends).

So I opened the app on my iPhone, looked at the traffic and discovered the following:

What the heck is this?

And this is a request from the app to the server (on top) with information about its version, the phone model, launch time, and display resolution. Looks fine, doesn’t it?

But! In turn, the phone gets the information (below) about how to record a video from the screen.

Aside from that, the parameter MaxVideoLength (maximum video length) is shown as “0”, which means infinite recording (while the app is launched)!

Meaning the app doesn’t just record the information from your screen once. It does it all the time and sends it back to the servers. How do you like that, mobile internet users?

Oh! And here is how the recording goes to the server!

Pay attention to the address *.appsee.com/upload on the left (I will talk about what AppSee is at the end) and the mp4 file on the right (all these squares are the video in raw format, which is being sent to the server in real time).

And here comes the cherry on top! The screen is being recorded even when you are typing your credit card number into the app (which is necessary to make an order).

And finally: AppSee is a mobile app analytics program. Developers and marketers use this software to track the app.

Not only is recording video of your screen far from cool, but the fact that access to this information is given not just to the Burger King App developers but also to third-party partners such as AppSee is out of whack.

Let me remind you that the video is being recorded even when you are entering your credit card information. Every Tom, Dick, and Harry gets access to this data.

This is what the video looks like:

It’s a bit compressed but it doesn’t mean the server can’t someday send a configuration for recording an HD video. It would be truly sad.

How could you, Burger King?

UPD: Burger King App records your screen taps and can match them to the video on the screen. This information is also available to a bunch of people.
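To check another app for the two signals described above (a server response carrying MaxVideoLength and requests to *.appsee.com/upload), the sketch below scans a HAR export from an intercepting proxy. It is an added example, not code from the article or from AppSee; the subdomains, the JSON layout of the config response, and the sample entries are constructed assumptions.

```python
import json
from urllib.parse import urlsplit

# Constructed HAR 1.2 entries (not captured traffic). The subdomains and the
# JSON layout around MaxVideoLength are assumptions made for this example.
SAMPLE_HAR = {"log": {"entries": [
    {"request": {"url": "https://cfg.appsee.com/config", "headers": []},
     "response": {"content": {"mimeType": "application/json",
                              "text": '{"settings": {"MaxVideoLength": 0}}'}}},
    {"request": {"url": "https://up.appsee.com/upload",
                 "headers": [{"name": "Content-Type", "value": "video/mp4"}]},
     "response": {"content": {"mimeType": "text/plain", "text": "OK"}}},
    {"request": {"url": "https://shop.example/menu", "headers": []},
     "response": {"content": {"mimeType": "application/json", "text": "{}"}}},
]}}

def find_key(node, key):
    """Yield every value stored under `key` anywhere in parsed JSON."""
    if isinstance(node, dict):
        for name, value in node.items():
            if name == key:
                yield value
            yield from find_key(value, key)
    elif isinstance(node, list):
        for item in node:
            yield from find_key(item, key)

def audit(har, vendor="appsee.com"):
    """Flag pushed recording configs and vendor /upload requests in a HAR."""
    findings = []
    for entry in har["log"]["entries"]:
        req, content = entry["request"], entry["response"]["content"]
        url = urlsplit(req["url"])
        host = url.hostname or ""
        if "json" in content.get("mimeType", ""):
            try:
                body = json.loads(content.get("text") or "null")
            except ValueError:
                body = None  # malformed body: nothing to search
            for value in find_key(body, "MaxVideoLength"):
                detail = "0 = no length limit" if value == 0 else f"limit {value}"
                findings.append(("recording-config", host, detail))
        ctype = next((h["value"] for h in req["headers"]
                      if h["name"].lower() == "content-type"), "unknown")
        if ("." + host).endswith("." + vendor) and url.path.startswith("/upload"):
            kind = "video-upload" if "video" in ctype else "vendor-upload"
            findings.append((kind, host, ctype))
    return findings
```

Call `audit()` on the parsed JSON of a real HAR file; each tuple names the indicator, the host, and the detail that triggered it.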

DISCLAIMER: The opinions expressed in Techendo articles and the comments are personal opinions of its authors, and do not reflect the opinions of the Techendo.com or any employee thereof. Techendo.com is not responsible for the accuracy of any of the information supplied by the Techendo.com bloggers and writers.

00:45
+1
Hah, very interesting. I think that geeks from other countries should test the most popular apps in the same way. I think there will be a lot of such spy things discovered!
