Appvisory describes the Android app for e-scooters Tier as “critical”, around the same time that Google Play Protect suddenly warns about a well-known security app for Android. The latter can be fixed fairly quickly by downloading the latest version from the provider’s website, at least that’s what we get from a thread on this topic, as multiple users […]
Appvisory describes the Android app for Tier e-scooters as “critical”, around the same time that Google Play Protect suddenly warns about a well-known security app for Android. The latter can be fixed fairly quickly by downloading the latest version from the provider’s website, at least that’s what we get from a thread on this topic, as several Cerberus users are affected by this warning.
Since when has Ceberus been “unsafe”? @mobiFlip @LSAwesome @dennyf pic.twitter.com/ynF1We0h08
– Hendrik (@skywalka_de) August 14, 2019
Tier: location data can be leveraged
Slightly more people could be affected by an issue Appvisory describes in relation to the electric scooter rental company’s Tier app. This is the location data.
Current tests by APPVISORY application security specialists have shown that a version of the “TIER – Scooter Sharing” application operating system exhibits very critical behavior. Although the payment functions of the application are safely implemented in the iOS version (3.1.10) and in the Android version (3.1.6), the latter has significant data protection deficiencies. Therefore, the unencrypted transmission of location data, both from the vehicle and from the smartphone, could be verified during use.
Also, you are probably using a module that Google no longer likes.
With the help of this data, unknown third parties can create movement profiles for users. Additionally, the app uses a long-banned tracking item, the Android ID, the use of which has been officially banned by Google for several years. The reason: it is difficult for the user to change and thus the natural person can be identified. In terms of ease of use, the Android version is not yet fully developed compared to the iOS version.
New services should always be considered critically, especially when it comes to personal data. Security often takes a backseat when a new app should quickly serve as a trend.