What is the issue - The 63Red Safe mobile app, described as ‘Yelp for conservatives’, exposes user data due to an unsecured API.
Security researcher Robert Baptiste uncovered that the API of the 63Red Safe mobile app was open without any authentication, allowing anyone to view and access the data stored in the app’s database.
What is 63Red Safe?
63Red Safe is an iOS and Android mobile application that is designed for ‘keeping conservatives safe’. The app helps conservatives ‘Find great restaurants nearby, and see how expensive, how far away, and best of all, whether they are safe for conservatives’.
To be precise, the 63Red Safe app helps conservatives know beforehand if a restaurant will allow them to wear MAGA (Make America Great Again) gear while dining.
Why it matters - The developer of the app hardcoded his credentials and left them, along with the list of API endpoints, in the app’s source code. This allows anyone to view or access user data as well as block/unblock users.