Android/iOS Stocks Apps Might be Leaking Your Trading Activity!
Seeking Alpha, an app that provides news and research related to the financial markets, has been secretly eavesdropping in the stock trading activity of its 2.4 million users worldwide.
On your PC, if you have visited a shopping website looking at shoes, and then opened another site, only to see an advertisement for the exact same pair of shoes from the very same shopping portal, this is how – for every page you visit, a ‘cookie’ is created. This is actually a file that records the page you visited and the time/date of the visit. When you visit another site later, its web server looks at the cookies present on your computer and serves you ads accordingly. This is based on the assumption that you visit sites that you are interested in.
A similar situation exists with mobile devices. Cookies are generated in the same way when you visit a page, only mobile ads are not served up as on PCs. What the Seeking Alpha app does is to collect information about a user’s stock trading history this way, looking for tickers. And curiously, the app is built upon HTTP, not a secure HTTP. This means that any hacker could view the data collected by the app – and it is in cleartext (easily readable and understandable by a human, no need for any additional processing). The username and password associated with the account is also transmitted this way.
It is not known now, how many Seeking Alpha app users have been affected. Security experts categorically maintain that the best way to protect yourself is by using a VPN, or Virtual Private Network.
What is a VPN?
In simple words, a physical server is placed between you and the internet. This server, known as a VPN server, encrypts all incoming and outgoing data. So any hacker looking at the data transmitted/received by your apps sees only random characters or ‘junk’. It would take him/her 734 centuries to decrypt your data with a standard laptop or a million laptops working continuously for 26 days. It is unlikely that any hacker would possess this kind of patience or processing power to do anything with your data.
Because you might not exactly be a tech expert to figure out whether the apps you use are secure or not, a VPN can help keep you safe from all such threats.