Yik Yak’s revived messaging app was supposed to bring back the days of truly anonymous local chat, but it could inadvertently make life easier for creeps. Computer science student David Teather told Motherboard that Yik Yak has a vulnerability that allows attackers to obtain both the exact location of posts (within 10 to 15 feet) and a user’s unique ID. Combine the two pieces of information and an attacker can track a user’s movement patterns.
Teather used a proxy tool to determine that Yik Yak sent both the exact GPS location and user ID with every message, even if users would normally only see vague distances and city identifiers. An independent researcher verified the findings for Motherboard, although it’s unclear if anyone has exploited the vulnerability so far.
Yik Yak has not responded to a request for comment so far. The developer released three updates between April 28 and May 10, but it’s still uncertain whether they fully address the exposed locations. However, it’s safe to say that the problem puts users at risk, especially if they share any sensitive information with local chatters.