After many, many warnings and hacks, some app authors are still not taking adequate precautions with their users’ data. When mobile app authors send and store unencrypted usernames and passwords, they fail to keep their promise to protect user data.

When a company rushes to ship an application by cutting security corners, it can give pirates and mobile data miners a wide loophole to steal from users.

Desktop computers are, in some important ways, less likely to contain highly personal data about us. Yes, they’ll contain social security numbers, credit card passwords and banking information, but they don’t provide a moment-by-moment breakdown of where you are, whom you’re calling, and what you’re saying. Smartphones do.

So when we see these types of insecurities occurring in mobile phones, it’s more personal, and just as financially damaging as when a desktop computer is breached.

Major app frameworks, including Facebook’s Parse, are affected. This means apps by companies such as AP News, VEVO, Showtime, AMC, Gucci, Orbitz, Samsung, and The White House may be vulnerable. Without knowing what security options they chose, we can’t know whether their apps are protecting our mobile data.

It is far past time that app authors are held accountable for sending unencrypted usernames and passwords. Apple appears to be finally taking steps to warn developers about the practice, but when we accept the apps’ disclaimers, often checking that little box without reading what we’re signing, we should know the risk we may be taking.

Using the SpyAware app, you can find out where your mobile data is being sent. We have a new version coming out next month, that we believe is going to fundamentally change the way you regard your apps’ behavior by showing you, in real time, what they do with your data, what they take, and where they send it.