Joseph Cox
@josephfcox
Thu Oct 31 20:07:01 +0000 2019

New: Google just removed an app that allegedly had biographical info on all Palestinians. We flagged the app earlier this month, now Google has taken action. But the backend server is exposed, and allows scraping en masse (I just pulled some of the data) https://t.co/yickNgoT1C

This is some of the data that was available in the app, and is still possible to scrape from the app's backend https://t.co/yickNgoT1C https://t.co/R4Y9tk7zUp

One person left this review on the app, encouraging others to report it so Google would remove it https://t.co/yickNgoT1C https://t.co/HZuZOY1OWJ

It's not totally clear where the data itself was sourced from, but one expert said from a set that is not supposed to be this widely available. Even if the data is already public elsewhere, though, having it so easy to download in an app is troubling https://t.co/yickNgoT1C https://t.co/nKyaR4UV8W

"Their API is garbage, you can download all citizens," the researcher who flagged the Android app that lets you look up personal info on Palestinians, said. I verified today just before publishing that data is available with a basic curl command https://t.co/yickNgoT1C https://t.co/w2jlUGe71f

The developer of this app, who would respond to negative reviews, still hasn't responded to a request for comment. Their app allowed the searching of personal data on Palestinians, and the data is still available today on the backend server https://t.co/yickNgoT1C