JusTalk, a messaging service, is leaking millions of unencrypted messages

news@insiderapps.com

Published on 07/25/2022


JusTalk, a well-known video calling and texting program, asserts that it is secure and encrypted. However, a security flaw revealed that the software was neither safe nor encrypted: a sizable cache of users' private conversations was discovered exposed on the internet without encryption.

With 17 million users worldwide, the messaging app has a sizable international user base and is mainly utilized in Asia. In addition, more than 1 million Android users have downloaded JusTalk Kids, the messaging app's kid-friendly and compatible version, according to Google Play.

JusTalk promises on its website that "only you and the person you interact with can view, read, or listen to them: Even the JusTalk staff won't access your data!" Furthermore, JusTalk claims that both apps are end-to-end encrypted, meaning that only the people in a conversation can read its communications.

But a study of the internal data cache disproves those assertions. The data includes millions of JusTalk user messages, along with the precise date and time each was sent and the phone numbers of both sender and recipient. Records of calls made using the app were also included in the data.

This week, security researcher Anurag Sen discovered the data and enlisted TechCrunch's assistance in alerting the business. The messaging app's developer, Juphoon, a cloud computing company based in China, said that it spun out the service in 2016 and that the service is currently owned and operated by Ningbo Jus, a business that appears to have the same office as the one mentioned on Juphoon's website. However, Leo Lv, the creator of JusTalk, and other executives did not comment publicly on this discovery. In addition, the business has not made any effort to clean up the leak.

It was possible to monitor entire conversations, including those from kids using the JusTalk Kids app to talk with their parents. Each message saved in the data contained every phone number in the same discussion.

Thousands of users' precise locations were also included in the internal data gathered from users' phones. There were particularly dense concentrations of users in the United States, United Kingdom, India, Saudi Arabia, Thailand, and mainland China.

Sen claimed that the information also included records from a third app, JusTalk 2nd Phone Number, which enables users to create fake, temporary phone numbers rather than sharing their cell phone numbers. Some of these records show both the user's cell phone number and each ephemeral phone number they made.

This is just the most recent in a string of data leaks in China. An extensive database of roughly 1 billion Chinese citizens was stolen earlier this month from a Shanghai police database kept in Alibaba's cloud. Parts of the data were made available online. Beijing has not yet made a statement regarding the leak, but social media mentions have been heavily muted.

About JusTalk

Founded in 2016, JusTalk is a China-based company. JusTalk is a video and voice calling programme, created by a software business, with more than 17 million users worldwide. The app is available on iPhone, iPad, desktop and Android.

Peter Daniels
Peter Daniels is the lead journalist for InsiderApps.com

