Popular messaging app JusTalk left a massive database of unencrypted private messages publicly accessible to the internet without a password for months.
The messaging app has approximately 20 million international users, and Google Play lists JusTalk Kids, billed as a child-friendly version of the messaging app, with over 1 million Android downloads. JusTalk claims that both of its messaging apps are end-to-end encrypted and that “only you and the person with whom you communicate can see, read, or listen to them: even the JusTalk team won’t access your data!” But that is not the case. According to security researcher Anurag Sen, who discovered the exposed database and asked TechCrunch for assistance in reporting the lapse to the company, a logging database used by the company to keep track of bugs and errors with the apps was left on the internet without a password.
