A vulnerability in food delivery service Zomato’s Android app could have allowed attackers to expose sensitive data through deep links.
Deep links are URLs that take users directly to a specific page in an app, which can be useful but also pose a security risk if they are not handled correctly.
This particular vulnerability has now been resolved, with a bug hunter earning a $750 bounty for discovering the issue and reporting it to the company.
The finding highlighted how important it is for developers to ensure that deep links do not put user data at risk, with extra precautions in place to guarantee the security of any sensitive information.
The discovery also served to educate Zomato on the importance of thorough testing, with the company committing to continue developing and improving its app with the utmost attentiveness to security.
The disclosure of this vulnerability comes shortly after the app suffered a major data breach, compromising the data of over 300 million users worldwide.