According to a recent report, if you need to go to a pharmacy, you don’t have to worry about locating it, because it will find you.
Privacy experts say that a recent coding bug in the CVS app is causing the US retail pharmacy to involuntarily share its users’ location with over 40 network servers.
The store’s application lets you search for nearby pharmacies, get vouchers, and refill your prescriptions virtually. But a single major fault in the app is putting users’ privacy in jeopardy.
According to Serge Egelman, director of security and privacy research at the ICSI, there is a major privacy blunder in the application’s store finder option, which results in Global Positioning System coordinates being given out to numerous external parties.
He said that the store finder option basically works by sending your current location to the firm’s own servers, where it is used to find out whether there are any drug stores close to you.
But his group found that it doesn’t just send this information to the firm’s servers; it also sends all of these details to every random server that gets loaded on the page.
This means that every other link that turns up while you are on the store finder page, whether it’s an ad from Google or any independent website, receives your whereabouts.
Egelman said that a couple of the links reported to receive users’ locations from the CVS app are googleadservices.com and static.ads-twitter.com. He further said that he does not believe CVS is willingly attempting to trade the whereabouts of its users.
He said that the manner in which the data is being shared, and the entities with whom it is being shared, appear to be nothing but a huge error. He believes that the sole reason behind this mishap could be bad coding. However, he did admit that he can’t say anything with certainty.
So far, the issue has only been seen in the Android version of the application. But it is still unclear whether the iOS app is safe from it, because Egelman and his team haven’t looked into it that deeply yet.
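A check a tester could run over captured app traffic to spot the kind of leak described above, added here as an example and not taken from Egelman’s group or CVS: it flags third-party hosts whose requests carry the device’s test coordinates, including rounded copies. The first-party domain `pharmacy.example`, the capture records, paths and coordinates are constructed assumptions; only the two ad hostnames come from the report.

```python
import re
from urllib.parse import urlsplit, unquote

FIRST_PARTY = ("pharmacy.example",)      # assumption: placeholder for the app's own domain
NUM = re.compile(r"-?\d{1,3}\.\d{2,}")   # decimal numbers with 2+ fractional digits

def is_third_party(url):
    """True if the URL's host is not the first-party domain or a subdomain of it."""
    host = (urlsplit(url).hostname or "").lower()
    return not any(host == d or host.endswith("." + d) for d in FIRST_PARTY)

def carries_location(text, lat, lon, tol=0.001):
    """True if text holds numbers within tol degrees of both lat and lon."""
    nums = [float(n) for n in NUM.findall(unquote(text))]
    return (any(abs(n - lat) <= tol for n in nums)
            and any(abs(n - lon) <= tol for n in nums))

def find_leaks(requests, lat, lon):
    """Return sorted third-party hosts whose URL, headers or body carry the fix."""
    leaks = set()
    for req in requests:
        if not is_third_party(req["url"]):
            continue  # the store finder legitimately needs the location
        parts = [req["url"], req.get("body", "")]
        parts += list(req.get("headers", {}).values())
        if any(carries_location(p, lat, lon) for p in parts):
            leaks.add(urlsplit(req["url"]).hostname)
    return sorted(leaks)

# Constructed test fix and constructed capture (not real traffic).
TEST_LAT, TEST_LON = 37.7749, -122.4194
PAGE = "https://www.pharmacy.example/store-finder?lat=37.7749&lon=-122.4194"
CAPTURE = [
    {"url": "https://api.pharmacy.example/stores?lat=37.7749&lon=-122.4194"},
    # location inside a percent-encoded query parameter
    {"url": "https://googleadservices.com/example?"
            "u=https%3A%2F%2Fwww.pharmacy.example%2F%3Flat%3D37.7749%26lon%3D-122.4194"},
    # location only in the Referer header
    {"url": "https://static.ads-twitter.com/example.js", "headers": {"Referer": PAGE}},
    # rounded coordinates in a POST body
    {"url": "https://tracker.example.org/collect", "body": '{"loc":"37.775,-122.419"}'},
    # third-party request that carries no location
    {"url": "https://cdn.example.net/lib.js", "headers": {"Accept": "*/*"}},
]

if __name__ == "__main__":
    for host in find_leaks(CAPTURE, TEST_LAT, TEST_LON):
        print("location sent to third party:", host)
```

Feeding the check a spoofed, known test location makes matches unambiguous, and the tolerance can be widened to catch coarser rounding at the cost of more false positives.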