Mobile security vulnerabilities threaten millions in Latin America: ICFP and Citizen Lab fellow Beau Kujath finds security vulnerabilities in mobile applications in Latin America region.

Citizen Lab and an Open Technology Fund fellow analyzed popular Latin American mobile applications and found systemic security and privacy issues: several telecom apps use cleartext HTTP (allowing eavesdropping and injection), apps transmit personal data to third-party servers contrary to stated privacy claims, a Salvadoran crypto wallet uses Microsoft CodePush enabling remote updates outside app-store controls, and SMS-delivered links in multiple apps are vulnerable to SSL-strip attacks — collectively exposing millions of users to data leakage, manipulation, and potential supply-chain style compromise.