Jump to content
Awoo.

Security Company Claims Sonic Mobile Games Are Leaking Data


Badnik Mechanic

Recommended Posts

A security company performed a number of tests on several Sega apps on the google play store and found on average 15 security concerns with 3 titles.

  • Sonic Dash.
  • Sonic Dash 2.
  • Sonic the Hedgehog.

Problems included...

  • The 3 Apps geolocate users and relay their position
  • The 3 Apps leak device data
  • Data are sent to an average of 11 distant servers including 3 uncertified ones
  • The 3 Apps feature an average of 15 OWASP vulnerabilities

One of the more serious issues...

Quote

Among the distant servers reached by the affected SEGA apps when sending data, we can see that most have a tracking and marketing purpose. However, what caught Pradeo’s researchers attention is the fact that these apps are sending information to 3 uncertified servers of which 2 are a variant of Android/Inmobi.D, and represent a potential threat.

 

Full Story on TSS: https://www.sonicstadium.org/2018/01/security-company-raises-serious-concerns-over-some-sonic-mobile-games/

Source is here: http://blog.pradeo.com/sega-apps-data-leakage

Link to comment
Share on other sites

This is actually a pretty common issue on Android in general. The way apps are made and with how open the platform is, it's really easy to have holes such as this. Hell, there are cases where you have apps that can use other apps to get data that they themselves don't have permission to take. Most users just don't know what they're agreeing to when that pop-up menu comes up when you want an app. In terms of security, the system is little better than downloading an .exe file from some random site. It's actually one of the few things IOS has over the platform as Apple's security measures are pretty absolute in a lot of cases (though that has issues in itself too).

Reading further though, a lot of it seems to stem from the apps themselves (mainly with how data is sent out) so I wonder if this issue is present on their IOS counterparts.

It'll be interesting to see what comes out of this.

Link to comment
Share on other sites

25 minutes ago, Indigo Rush said:

I play Dash semi-regularly and Sonic 1 Mobile even more, I'd hate to have to delete them.

You don't have to delete them. You don't have to do anything. It's your life, man. Life is too short to let others tell you what to do. You've got to live your life, and know the way. 

Link to comment
Share on other sites

12 hours ago, Razule said:

You don't have to delete them. You don't have to do anything. It's your life, man. Life is too short to let others tell you what to do. You've got to live your life, and know the way. 

And soon those who own the mysterious unknown servers will also claim to live that life.

  • Nice Smile 1
Link to comment
Share on other sites

Such a deep poetry this topic is filled with.

Is there any reason to believe Sega or Hardlight or someone would do anything for the leaking problem? Some companies seem to be rather lazy...

Link to comment
Share on other sites

4 hours ago, BlueSky said:

Such a deep poetry this topic is filled with.

Is there any reason to believe Sega or Hardlight or someone would do anything for the leaking problem? Some companies seem to be rather lazy...

Well.... Data Protection laws potentially could apply here depending on what data is being leaked.

  • Thumbs Up 1
Link to comment
Share on other sites

4 hours ago, BlueSky said:

Such a deep poetry this topic is filled with.

Is there any reason to believe Sega or Hardlight or someone would do anything for the leaking problem? Some companies seem to be rather lazy...

I wouldn't be surprised if the solution Sega came up with is to just pull them from the Android store and pretend that's the end of it unless pressed.

  • Nice Smile 1
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...

Important Information

You must read and accept our Terms of Use and Privacy Policy to continue using this website. We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.