Finding a hotspot can be one of the most annoying things when you’re out and about. An Android app called WiFi Finder — downloaded by thousands of users — was meant to make that entire process easier. By simply typing in an address, people would be able to find the Wi-Fi in a “cafe, restaurant, airport, or any other places.”
However, it seems that this popular app ended up exposing the Wi-Fi network passwords for more than two million networks, as reported by TechCrunch. The database — which anyone could access and download — was discovered by Sanyam Jain, a security researcher and member of the GDI Foundation.
TechCrunch was unable to contact the developer after more than two weeks. The host, DigitalOcean, ended up taking down the database. A spokesperson told the outlet, “We notified the user and have taken the [server] hosting the exposed database offline.”
Along with network passwords stored in plaintext, TechCrunch reported that the records contained the Wi-Fi network name, its “precise” geolocation, and its basic service set identifier. Some of the data included information on home Wi-Fi networks.
Random people having access to your Wi-Fi network isn’t a good thing — they’re protected for a reason. For example, people may be able to monitor the sites you visit and gather passwords or other information.
What’s also alarming about WiFi Finder is that it requires users to give up access to their locations, full contact lists, and the ability to read, modify, and delete data on their phones, as noted by Gizmodo.
There are a few people warning others not to download or use the app on its page within the Android store. However, it should be said again: if an app — whose developer you don’t even know — is asking you to give up that much information, don’t use it.