[German]Security researchers have discovered a data leak in an app dedicated to the prevention of domestic abuse. Here are some tips on this particularly sensitive topic.
The vpnMentor research team led by analysts Noam Rotem and Ran Locar recently discovered an incredibly sensitive data privacy incident. This data is taken from the ‘Aspire News’ app for the prevention of domestic violence. The security researchers have published their findings here.
The Aspire News App
The app was developed by the US non-profit organization When Georgia Smiled and can be installed on users’ smartphones to appear as a news app. However, it also includes emergency assistance features with resources for victims of domestic violence. This includes a feature that allows the person to send emergency calls to a trusted contact person.
Incorrect configuration reveals emergency calls
These emergency messages can be sent by voice recording with the victim’s details, their home address, the nature of their emergency and their current whereabouts. The developers of the Aspire News app had stored over 4,000 voice recordings on a misconfigured Amazon Web Services (AWS) S3 bucket. As a result, anyone could view and download any files over the Internet, similar to a cloud storage folder.
Although the Amazon Web Services (AWS) S3 bucket is now secured, this privacy violation represents a significant lapse in the basic data security practices of Aspire News App and When Georgia Smiled.
Any data breach poses a certain risk to those affected. However, an app designed for victims of domestic violence has a much greater responsibility to its users. Aspire News App is designed to protect victims, but by not protecting their identity, the app risks putting them at even greater risk.
An alert for developers
This privacy violation is a lesson for all developers, especially those who create apps for victims of domestic violence or other at-risk groups, that privacy must be a priority at all times.
Background information: The Aspire News app was developed by When Georgia Smiled, which has its headquarters in California, USA, and is considered a non-profit organization. The organization was founded by the American TV personalities Robin McGraw and her husband “Dr. Phil” McGraw.