A safety flaw in homosexual relationship app Jack’d has left personal intimate images publicly uncovered on the web.
Anybody with an internet browser who is aware of the place to look can entry tens of millions of personal images, even when they don’t have a Jack’d account.
Researcher Oliver Hough instructed BBC Information he had reported the flaw to Jack’d a yr in the past but it surely has nonetheless not been fastened.
The corporate has not responded to a request for remark.
Information web site The Register first reported the flaw on 5 February, regardless that it had not been fastened, as a way to warn the app’s customers.
Jack’d has been downloaded greater than 5 million occasions on the Google Play app retailer.
It lets members add “personal” images to their profile, which needs to be seen to solely particular individuals they’ve chosen to share them with.
Nonetheless, Mr Hough discovered that each one the images shared within the app have been uploaded to the identical open internet server, leaving them uncovered.
And BBC Information has seen proof that personal images are nonetheless publicly accessible on the net server.
Based on information web site Ars Technica, the app additionally leaked “location information and different metadata about customers”.
Earlier this week, the corporate’s chief govt, Mark Girolamo, instructed Ars Technica a repair could be deployed on Thursday
Nonetheless, Jack’d has not but issued a press release addressing the flaw and it stays unfixed.
“They acknowledged my report however then simply went silent and did nothing,” Mr Hough instructed BBC Information.
“A journalist contacted them in November and so they did the identical.”