Unfortunately, they can also leak our sensitive data, consume our limited bandwidth, exhaust our batteries, and in one case, uncover links in chats that end-to-end. To be encrypted. Among the worst offenders, according to research published on Monday, are messengers from Facebook, Instagram, LinkedIn and Line. More about this soon. First Preview Brief Discussion.
When a sender includes a link in a message, the application will interact with the text (usually a title) and display images that come with the link.
For this to happen, the application has to go to a proxy – link specified by itself or the application, open the file there, and survey what’s in it. This can open users to attacks. The most serious are those that can download malware. Other forms of malice can force an app to download files so that they cause the app to crash, drain battery, or consume a limited amount of bandwidth. And in the event the link leads to private contents – say, a tax-app server posted to a private OneDrive or DropBox account has an opportunity to view and store it indefinitely.
Monday’s report, the researchers behind Talal Hajj Beri and Tommy Mysk, found that Facebook Messenger and Instagram were the worst offenders. As the chart below shows, both apps download and copy a linked file completely – even if it is gigabytes in size. Again, this can be a concern if the file is something that users want to keep private.
Haj Bakri and Mysk reported their findings to Facebook, and the company said that both apps work as intended. LinkedIn performed only slightly better. The only difference was that instead of copying files of any size, it only copied the first 50 megabytes.