cancel
Showing results for 
Search instead for 
Did you mean: 

Beware of McDonald's app

Triguy
Mayor / Maire
4 REPLIES 4

ckl
Town Hero / Héro de la Ville

I can think of a few possibilities on how somebody got that person's credentials. here's some off the top of my head:

1. It could be a rogue app made to look like the real Mcdonalds app but it's sole purpose is to harvest user credentials. Anyone can reverse engineer an .apk, change some code, recompile it and upload it as a new app. Any attempt to purchase anything on that rogue app, returns a failure message, while it uploads your credentials to their own server.

2. The McD's app uses very weak encryption when communicating over the Internet. This poses a problem when using public WiFi which is often not encrypted at all. Thus, anyone with a laptop and some software can grab the traffic moving over WiFi and decrypt the weak encryption at home.

3. The person's phone is set to connect to any open wifi hotspots automatically or is tricked into connecting to a StarBucs WiFi (instead of Starbucks WiFi). In such a case, the "bad" person can setup a public wifi hotspot on their laptop or phone and start grabbing wifi traffic on anyone who connects to it. Coupled with #2 above, that person can crack the encryption in the convenience of their own home from the packets it picked up when you connected to their fake wifi hotspot.

 

Except for the 1st case, the other 2 can be mitigated by the use of a trusted VPN service. Free VPN's do not count. Some VPN's, like the one I use, actually block malware domains. So if the "bad" person is using a server that is blacklisted then even the fake app won't be able to steal my credentials because when the app tries to upload my credentials, it will fail.

 

 

 

Luddite
Oracle
Oracle

@Triguy Thanks. 

While not strictly "valid" for Discussion, I have moved it from the Lounge.


>>> ALERT: I am not a CSA. Je ne suis pas un Agent du soutien à la clientèle.

alex6999
Good Citizen / Bon Citoyen

Never, never use debit MasterCard and visa, only credit. No prepaid cards too.

 

Chargeback for credit card works fine

will13am
Oracle
Oracle

Thanks for the warning.  I don't put my payment card information into any apps, especially the McDonald's app which is super buggy.  I barely trust using the app just for the dispensing coupons. 

Need Help? Let's chat.