Yik Yak, an app that acts as a local anonymous message board, made it possible to find the precise location and unique ID of users, Motherboard reports. One researcher who analyzed Yik Yak data was able to access precise GPS coordinates of where posts and comments came from, down to 10 to 15 feet, and said he brought his findings to the company in April.
First launched in 2013, Yik Yak is popular on college campuses, where it is often used to gossip, post updates, and cyberbully other students. The app shut down in 2017 after waning relevance and failed content moderation attempts, only to come back to life last year. In November, the company said it has more than 2 million users.
Motherboard talked to David Teather, a computer science student in Madison, Wisconsin, who raised security concerns with Yik Yak and published his findings in a blog post. The app displays posts from nearby users but shows only approximate locations, such as “about 1 mile away,” at distances of up to 5 miles, to let users know where updates from nearby communities are coming from.
Despite Yik Yak’s promise of anonymity, Teather noted that combining GPS coordinates and user IDs could de-anonymize users and reveal where people live, as many may be using the app at home, with data accurate to 10 to 15 feet. This combination of information can be used to track or spy on specific people, and Teather mentioned that the risk may be higher for people who live in rural areas where homes are more than 10 to 15 feet apart, as GPS location can narrow the user down to an address.
As Motherboard notes, the data is accessible to researchers like Teather, who know how to use tools and write code to extract the information, but the risks are real enough that Teather brought the issue to Yik Yak’s attention.
I have found that @YikYakApp is exposing millions of user locations by sending the app the precise GPS coordinates (accurate to 10-15 feet) of all posts and comments, which can be collected by malicious actors to track user locations. https://t.co/pgT809okv7
— David Teather (@david_teather) May 9, 2022
“Because user IDs are persistent, it is possible to understand the day-to-day work of users, knowing when and where they publish YikYaks, which can be used to find out what a particular YikYak user is doing,” Teather wrote. He listed other ways in which the data could be misused, such as finding out where someone lives, spying on users or breaking into someone’s home while they’re away.
Yik Yak did not respond to a request for comment from The Verge.
According to Motherboard, the latest version of the app released by Yik Yak no longer exposes precise location and user IDs, but Teather said he can still retrieve this information using previous versions of the app.
“If YikYak did take this more seriously, they would restrict these fields from being returned and break old versions and force users to upgrade to newer versions of the app,” he wrote in a blog post.
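The server-side restriction Teather describes, sketched as an added example (not Yik Yak's code and not taken from Teather's post): the response is built from an allowlist, so the persistent user ID and raw coordinates are never serialized, and the distance label is computed from a grid-snapped location. The field names, grid size and sample post are assumptions constructed for illustration.

```python
import math

# Constructed sample record; field names are hypothetical, not Yik Yak's schema.
SAMPLE_POST = {"id": "p1", "text": "free pizza at the union",
               "author_id": "u-4821", "lat": 43.0766, "lon": -89.4125}

PUBLIC_FIELDS = ("id", "text")  # allowlist: nothing else leaves the server
MAX_MILES = 5                   # feed radius described in the article
GRID_DECIMALS = 2               # assumption: 0.01 degree of latitude is ~0.7 mile
EARTH_RADIUS_MILES = 3958.8


def snap(lat, lon):
    """Coarsen a position to the grid so repeated queries from different
    viewer positions cannot refine it below one grid cell."""
    return round(lat, GRID_DECIMALS), round(lon, GRID_DECIMALS)


def miles_between(lat1, lon1, lat2, lon2):
    """Great-circle (haversine) distance in miles."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dp, dl = p2 - p1, math.radians(lon2 - lon1)
    a = math.sin(dp / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dl / 2) ** 2
    return 2 * EARTH_RADIUS_MILES * math.asin(math.sqrt(a))


def distance_label(miles):
    """Round up to whole miles; the label never resolves below one mile."""
    whole = max(1, math.ceil(miles))
    return f"about {whole} mile{'s' if whole > 1 else ''} away"


def to_public(post, viewer_lat, viewer_lon):
    """Build the response for one viewer, or None if the post is out of range."""
    lat, lon = snap(post["lat"], post["lon"])
    miles = miles_between(viewer_lat, viewer_lon, lat, lon)
    if miles > MAX_MILES:
        return None
    public = {field: post[field] for field in PUBLIC_FIELDS}
    public["distance"] = distance_label(miles)
    return public


if __name__ == "__main__":
    print(to_public(SAMPLE_POST, 43.0731, -89.4012))
```

Because the filtering happens when the response is built, older app versions receive the same restricted fields as the newest one.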