PanicGuard panic alarm app leaks your personal information, including location

Personal safety app is careless with your personal information.

Regular readers will know that I have spent a not inconsiderable time grumbling about the poor state of Android security, with many consumers left in the lurch by their manufacturers without any method of updating their devices to protect against newly-discovered security vulnerabilities in the operating system.

However, the truth is that there’s something that’s much more critical to smartphone security than whether you chose an iPhone or an Android – and that’s third-party apps.

You can have the most secure OS in the world, with a seamless updating infrastructure for security patches, but it’s not going to do you any favours at all if you’re running an app which is sloppy when it comes to keeping your personal information private and secure.

Researchers at Wandera have taken a close look at one app called PanicGuard, and found it lacking.

What makes PanicGuard’s failures particularly ironic is that it is actually intended to keep you safe.

As you can see from the app’s promotional video, PanicGuard is targeted specifically at people who feel vulnerable – including those who suffer from domestic abuse, people being stalked, or those who are worried about walking through the dodgy end of town…

If you feel threatened, the app can contact your nearest and dearest, telling them to contact the police, sharing your location and even taking video footage of your attacker.

PanicGuard was the first such personal safety app to be approved by UK police, but clearly it hasn’t been properly vetted for security flaws.

Wandera’s research reveals that PanicGuard fails to properly encrypt the user’s personal information, potentially exposing it to Wi-Fi sniffing hackers:

PanicGuard requires users to fill in their personal credentials upon their initial login. This includes obvious things like first name, last name, and e-mail; however, the app also takes in more personal information. Date of Birth, country, and emergency contact information are also required to register.

Furthermore, users’ locations are established during the login process including their exact longitude and latitude. For someone downloading a personal safety app, this information all seems pretty standard. However, what the innocent users of PanicGuard are unaware of is that their information is being transferred in plaintext over the internet.

This basically means that the HTTP connection the app uses to send information to its server is extremely insecure. Due to the nature of the connection, users’ credentials are susceptible to third party exposure.

There’s really no excuse for such apps to use plaintext HTTP to transfer personal information in this day and age.
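
A defender's check for the flaw Wandera describes, as an added example that is not from the original article or from Wandera: it audits proxy-captured requests and flags any sent over plain `http://` whose parameters fall into the data categories listed above. The request records, the `example.test` hosts and the parameter-name patterns are constructed assumptions; the article does not give PanicGuard's actual endpoints or field names.

```python
import json
import re
from urllib.parse import parse_qsl, urlsplit

# Assumed parameter-name patterns for the data categories the article lists.
PII = {
    "name": re.compile(r"^(first|last|sur)name$"),
    "email": re.compile(r"email"),
    "date_of_birth": re.compile(r"^(dob|dateofbirth|birthdate)$"),
    "country": re.compile(r"^country"),
    "emergency_contact": re.compile(r"emergency"),
    "location": re.compile(r"^(lat|lon|lng|latitude|longitude)$"),
}

# Constructed proxy-log records: (url, content type, request body).
SAMPLE = [
    ("http://api.example.test/register", "application/x-www-form-urlencoded",
     "first_name=A&last_name=B&email=a%40example.test&dob=1990-01-01"
     "&country=GB&emergency_contact=C&platform=android"),
    ("http://api.example.test/login?lang=en", "application/json",
     '{"user": {"email": "a@example.test"}, "pos": {"latitude": 51.5, "longitude": -0.12}}'),
    ("https://api.example.test/profile", "application/json", '{"email": "a@example.test"}'),
]


def field_names(content_type, body):
    """Parameter names from a form-encoded body, or every key of a JSON body."""
    if "json" not in content_type:
        return {k for k, _ in parse_qsl(body, keep_blank_values=True)}
    names = set()
    try:
        json.loads(body, object_hook=lambda d: names.update(d) or d)
    except ValueError:
        return set()  # malformed JSON: nothing to classify
    return names


def audit(records):
    """Return (url, categories) for each cleartext request carrying personal data."""
    findings = []
    for url, content_type, body in records:
        if urlsplit(url).scheme != "http":
            continue  # sent over TLS, so not readable by a Wi-Fi sniffer
        names = field_names(content_type, body)
        names |= {k for k, _ in parse_qsl(urlsplit(url).query, keep_blank_values=True)}
        keys = [re.sub(r"[^a-z0-9]", "", n.lower()) for n in names]
        hits = sorted({c for k in keys for c, rx in PII.items() if rx.search(k)})
        if hits:
            findings.append((url, hits))
    return findings
```

Run over an export from an intercepting proxy during app testing, any non-empty result from `audit` is a release blocker: those fields need to travel over HTTPS only.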

It’s ironic to think that an app designed – with obviously good intentions – to keep people safe, has at the same time reduced their security.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

2 comments on “PanicGuard panic alarm app leaks your personal information, including location”

  1. David Phillips

    This story has already been removed from the Wandera website as it is completely false

    1. Graham Cluley · in reply to David Phillips

      It's back on the Wandera website, including what appears to be a statement from PanicGuard
