PanicGuard panic alarm app leaks your personal information, including location

Personal safety app is careless with your personal information.

Graham Cluley

Regular readers will know that I have spent a not inconsiderable time grumbling about the poor state of Android security, with many consumers left in the lurch by their manufacturers without any method of updating their devices to protect against newly-discovered security vulnerabilities in the operating system.

However, the truth is that there’s something that’s much more critical to smartphone security than whether you chose an iPhone or an Android – and that’s third-party apps.

You can have the most secure OS in the world, with a seamless updating infrastructure for security patches, but it’s not going to do you any favours at all if you’re running an app which is sloppy when it comes to keeping your personal information private and secure.

Researchers at Wandera have taken a close look at one app called PanicGuard, and found it lacking.

What makes PanicGuard’s failures particularly ironic is that it is actually intended to keep you safe.

As you can see from the app’s promotional video, PanicGuard is targeted specifically at people who feel vulnerable – including those who suffer from domestic abuse, people being stalked, or those who are worried about walking through the dodgy end of town…

If you feel threatened, the app can contact your nearest and dearest, telling them to contact the police, sharing your location and even taking video footage of your attacker.

PanicGuard was the first such personal safety app to be approved by UK police, but clearly it hasn’t been properly vetted for security flaws.

Wandera’s research reveals that PanicGuard fails to properly encrypt the user’s personal information, potentially exposing it to Wi-Fi sniffing hackers:

PanicGuard requires users to fill in their personal credentials upon their initial login. This includes obvious things like first name, last name, and e-mail; however, the app also takes in more personal information. Date of Birth, country, and emergency contact information are also required to register.

Furthermore, users’ locations are established during the login process including their exact longitude and latitude. For someone downloading a personal safety app, this information all seems pretty standard. However, what the innocent users of PanicGuard are unaware of is that their information is being transferred in plaintext over the internet.

This basically means that the HTTP connection the app uses to send information to its server is extremely insecure. Due to the nature of the connection, users’ credentials are susceptible to third party exposure.

There’s really no excuse for such apps to use plaintext HTTP to transfer personal information in this day and age.
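This kind of flaw is straightforward to catch when vetting an app: route a test device through an intercepting proxy, export the capture as a HAR file, and flag any plaintext HTTP request that carries personal fields. The script below is an added example, not code from Wandera or PanicGuard; the parameter names, hosts and sample capture are assumptions constructed for illustration.

```python
import json
from urllib.parse import urlsplit, parse_qsl

# Personal fields the article says the app collects. The exact parameter
# names are assumptions; adjust them to what the app under test really sends.
PII_KEYS = {"first_name", "last_name", "email", "dob", "country",
            "emergency_contact", "latitude", "longitude"}

def request_fields(req):
    """Collect parameter names from the query string and the request body."""
    names = {k.lower() for k, _ in parse_qsl(urlsplit(req["url"]).query)}
    post = req.get("postData") or {}
    mime, text = post.get("mimeType", ""), post.get("text", "")
    if "json" in mime:
        try:
            body = json.loads(text)
        except ValueError:
            body = None  # malformed body: nothing to inspect
        if isinstance(body, dict):
            names |= {k.lower() for k in body}
    elif "x-www-form-urlencoded" in mime:
        names |= {k.lower() for k, _ in parse_qsl(text)}
    return names

def cleartext_pii(har):
    """Return (url, PII field names) for each plaintext-HTTP request with PII."""
    findings = []
    for entry in har["log"]["entries"]:
        req = entry["request"]
        if urlsplit(req["url"]).scheme.lower() != "http":
            continue  # HTTPS traffic is encrypted in transit
        leaked = sorted(request_fields(req) & PII_KEYS)
        if leaked:
            findings.append((req["url"], leaked))
    return findings

# Constructed sample capture in HAR 1.2 layout; hosts and values are placeholders.
_BODY = '{"email": "a@example.test", "dob": "1990-01-01", "latitude": 51.5, "longitude": -0.12}'
SAMPLE_HAR = {"log": {"entries": [
    {"request": {"url": "http://api.example.test/register",
                 "postData": {"mimeType": "application/json", "text": _BODY}}},
    {"request": {"url": "https://api.example.test/register",
                 "postData": {"mimeType": "application/json", "text": _BODY}}},
    {"request": {"url": "http://api.example.test/track?latitude=51.5&longitude=-0.12"}},
    {"request": {"url": "http://cdn.example.test/logo.png"}},
]}}

if __name__ == "__main__":
    for url, fields in cleartext_pii(SAMPLE_HAR):
        print(f"CLEARTEXT PII: {url} -> {', '.join(fields)}")
```

Only the two `http://` requests that carry personal fields are reported; the HTTPS registration and the plain image fetch are not.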

It’s ironic to think that an app designed – with obviously good intentions – to keep people safe, has at the same time reduced their security.

Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy.

2 comments on “PanicGuard panic alarm app leaks your personal information, including location”

  1. David Phillips

    This story has already been removed from the Wandera website as is completely false

    1. Graham Cluley · in reply to David Phillips

      It's back on the Wandera website, including what appears to be a statement from PanicGuard
