Hipster App Steals Passwords, Class Claims
The Hipster app that turns pictures into postcards swipes users’ address books and passwords and sends them to a third-party server that uses the information without consent, a class action claims in Federal Court.
Lead plaintiff Francisco Espitia sued Hipster for privacy invasion, computer crimes and other charges, on behalf of everyone who has downloaded the app since Jan. 1, 2011.
The app allows users to create postcards from photos they take on mobile phones. The postcards are attached to the locations from which they were sent, to make documenting memories easier. Users are given the option to share the postcards with others through their mobile devices.
But when users download it, the app, “without seeking to obtain consent, and without notice to the user, sought out and retrieved the list of personal contacts on the user’s mobile device. This list of personal contacts was copied and surreptitiously uploaded to Hipster’s third-party servers. In addition to the list of personal contacts of the user, other highly sensitive information such as passwords and geo-locations were also obtained by the Hipster App. All of this information was sent unencrypted over publicly accessible data channels,” according to the 67-page complaint.
The class claims that Hipster’s actions “involved the deliberate and intentional circumvention of technical measures within the mobile computing device in order to bypass the technical and code based barriers, including the plaintiffs’ and class members’ privacy settings which were intended to limit access by anyone other than the owner of the device.”
More: Courthouse News Service