Nick Arnott writing for iMore has posted an in-depth look at CurrentC that has yet to launch publicly but is available for download from Apple’s App Store and Google’s Play Store. During his inspection that included sniffing the data that goes between your phone and the online service, he found a slew of possible fields to be used to transmit personal data and also a lack of authentication that would protect the CurrentC API.
Now, I have to stress here, I never got CurrentC to return me a real user’s data. However, the fact that these fields exist is a good indicator that CurrentC plans to collect this data, and also why on Earth would you ever return these fields without any sort of authentication first? I never hit on an email that appeared to be a valid account, but I was honestly too nervous to keep trying given the data it seemed eager to send back.
He ends his article with this:
With CurrentC, you’re not the customer — you’re the product being sold.