KIK Messenger stores password in plain text

 

This is the conclusion of Mobile Security Company, a Dutch organisation
specialized in security audits of mobile applications. 

 

The username and password are stored in the  com.kik.chat.plist file. 

This file can be viewed on a jailbroken device or when having access to the
iTunes backup. 

 

Wouter van Rooij, iOS security expert at Mobile Security Company states that
storing passwords in plain text in a .plist file is by far the most unsafe
option to handle passwords. 

 

Of course Mobile Security Company tried to report the issue to KIK
interactive, the organization behind KIK messenger.

Van Rooij is very surprised that KIK interactive didn't respond. It is in
the interest of all 50 million KIK messenger users that this issue will be
solved.