iOS fitness app Fitify exposes 138K user private photos
Briefly

Fitify exposed 373,000 files, including 138,000 user-uploaded progress photos, through an unsecured Google Cloud Storage bucket. These progress photos often showed users in minimal clothing, raising privacy concerns. The private user data was accessible without any passwords or security keys, so no authentication stood between the files and anyone who reached the bucket. Additionally, the app contained hardcoded secrets that could potentially allow attackers to access more sensitive user data, despite promises of encrypted data transmission made in its Google App store description.
Fitify exposed 373K files, including 138K progress photos, through unsecured Google Cloud Storage.
Progress photos often showed minimal clothing, making exposure particularly sensitive for users.
Private user data was accessible without passwords or security keys.
App contained hardcoded secrets that could enable attackers to access more user data.
Read at App Developer Magazine