11

Tango PC app lets users break into any Tango account [Updated]

Tango.me PC application

Tango, the cross-platform video calling application, appears to following in the footsteps of iPhone's Path application when it comes to the poor management of private account data. (Not to be confused with the Windows Phone update, codenamed Tango.) Today, a reader wrote in detailing how the PC client (version 1.6.14117 at time of writing) allows one armed with simply a mobile number access to any Tango user's contact data -- and account -- by simply using the application in a specific manner. While we won't share exact details, we must admit it's not hard to figure out. And just a few months ago, Tango was discovered to be downloading contact details without permission.

Using the steps provided, we were able to download a colleague's Tango contact data, make Tango calls, and manage account details with ease. This possibly indicates that Tango's security code-based account validation is simply an arbitrary client-side check -- a big no-no.

Update: Tango let us know the issue has been fixed and an update has been pushed out to users. Kudos to the Tango team for the quick response.

Tango

0
loading...
0
loading...
0
loading...
0
loading...

Reader comments

Tango PC app lets users break into any Tango account [Updated]

11 Comments

Hate it when companies and organizations don't take care of data. So much for privacy policies to agree to. :|

Meh. I can't even get Tango (either the HTC or the vanilla version) to let me set up an account on AT&T for my TItan. Keep getting an error that AT&T are blocking me.

Well they managed the thing extremely fast, so ok they need to put more enthusiasm on protect data, but can't be harsh at them, they fixed fast

Bullshit...I just installed tango on my pc...and tango on my PC also has all my other contacts...not just my tang contacts...So obviously tango is grabbing them from my phone and storing them somewhere...
Oh...and calls from my PC tango to phones does not work