Aviate made headlines this week when several prominent blogs reviewed the software as it moved to a private beta accessible by invitation only. The honeymoon is over now that a followup report claims Aviate was accidentally leaking personal user data via its website.
According to a report in Land of Droid, Aviate has made customer data visible on the web via an issue with its API. The information is not publicly accessible as you need to know the user’s device ID before you can access the data, which includes your location and the apps installed on your device. Nonetheless, this one piece of information will let others access personal information that you may not want them to see.
Aviate responded to this discovery by shutting down the API website (api.getaviate.com). Co-founder of Paul Montoy-Wilson took to Google+ and resaasuedd customers that a fix is on the way. He writes:
This is our top priority for our team and we are putting in a fix. If you have further questions/concerns, please don’t hesitate to reach out to me directly.
Did you install Aviate on your Android phone? What do you think of this issue, is it a security concern or is the issue being overblown?
[Via Land of Droid]