Home News Couple Vow Android App Exposes User Passwords & Information

Couple Vow Android App Exposes User Passwords & Information

Aug 14, 2018

An app on Android called Couple Vow has exposed the personal information of users. More than 1.7 million passwords in plain text are exposed within this app. That is very significant and also very bad for people who have downloaded this app.

This particular app in question is an app that allows you to spy on those you love, such as a spouse or your children. Couple Vow is one of these spy apps available on Android, but a new report is showing just how vulnerable this app is. Keep reading to learn about the vulnerabilities found within Couple Vow and all of the exposed user information that was found.

Couple Vow Spy App for Android Exposed Over 1 Million User Passwords

The really horrible news about the Couple Vow app is that it has exposed 1.7 million user passwords. These passwords were unprotected and able to be viewed in plain text, which is very unsettling. With this app, you will have access to things such as text data, call data, and location information. That is not all though, as you also can see all sent content through the messaging feature.

Some people use this app if they are part of an abusive relationship, with often times the abuser putting this spy app on the phone of their victim without them knowing. While this app can be used for good purposes too, such as keeping tabs on your children, there is a lot of risk with this app. The vulnerabilities that were just found could end up allowing anyone to login to the app and then spy on any phones that the software is running on.

Couple Vow Spy App Also Could Lead to Nude Image Exposure

Beyond the passwords that were exposed in plain text, there are also issues with the app concerning nude pictures. One of the types of data that can be exposed in this app are nude pictures, which could be found by hackers. The ability to get the nude images is a separate vulnerability found within the app.

This means that it is not the same as the password exposure. There are quite a few weaknesses in Couple Vow, including just needing to request certain information from a server. The request is known as a GET request, and there is no password or username required to get the data.

Researchers over at Fraunhofer Institute for Secure Information Technology found out about all of the vulnerabilities related to Couple Vow. This is a German-based research company that was releasing this information during the DEF CON hacking convention.

The company titled the DEF CON talk and focused it on the security issues that are found within tracker apps. This research company also found that the logins were unencrypted, which means it was readable. All you had to do to read the user login information is be connected to the Internet. There was not even any authentication either, which meant you could get all information using just one GET request.

Couple Vow App Vulnerabilities Create Risks for Users

Even worse is that there is a vulnerability which allowed researchers to draw out the images within the app. You could get through nine each time, and there was a loophole that was easily exploited. This loophole led to even more photos to come through, which is where the nude photos came into play.

You could download the other photos and images, which of course were of other people. The researchers themselves did not download photos beyond their own, but the possibility was definitely there to do it. After all of this information was released, a comment was requested from Couple Vow developers, although they have not responded as of yet.

This is definitely a huge issue because spy apps and tracker apps can be useful for the right situations. The bad part is that even if you are using the app for a good purpose, such as tracking children on their phones, you are exposing much more information due to the vulnerabilities. We want to hear from you what you think about Couple Vow and the vulnerabilities found within the app. Do you think all of these spy apps have weak security due to it being a spy app? Is this an app that you use or do you use other tracker apps on your smartphone? We want to hear what you think of all issues relating to Couple Vow and the information released at DEF CON.