11

Tango PC app lets users break into any Tango account [Updated]

Tango.me PC application

Tango, the cross-platform video calling application, appears to following in the footsteps of iPhone's Path application when it comes to the poor management of private account data. (Not to be confused with the Windows Phone update, codenamed Tango.) Today, a reader wrote in detailing how the PC client (version 1.6.14117 at time of writing) allows one armed with simply a mobile number access to any Tango user's contact data -- and account -- by simply using the application in a specific manner. While we won't share exact details, we must admit it's not hard to figure out. And just a few months ago, Tango was discovered to be downloading contact details without permission.

Using the steps provided, we were able to download a colleague's Tango contact data, make Tango calls, and manage account details with ease. This possibly indicates that Tango's security code-based account validation is simply an arbitrary client-side check -- a big no-no.

Update: Tango let us know the issue has been fixed and an update has been pushed out to users. Kudos to the Tango team for the quick response.

Tango

0
loading...
0
loading...
26
loading...
0
loading...

Comments

There are 11 comments. Sign in to comment

XboxOmac says:

Hate it when companies and organizations don't take care of data. So much for privacy policies to agree to. :|

Durishin says:

Meh. I can't even get Tango (either the HTC or the vanilla version) to let me set up an account on AT&T for my TItan. Keep getting an error that AT&T are blocking me.

jnielsen3 says:

Please email our support team at http://support.tango.me.  They can help with your issue.  Tango should work just fine on your Titan though.

jnielsen3 says:

Hey everyone, this issue has been fixed.
-Jenny from Tango

VictorE#AC says:

@Jenny has it been fixed in both versions of Tango?  I have the "Tango for Samsung" which is ver 1.5.0.0.

jnielsen3 says:

This issue was specific to the PC.  Your Samsung device / account was not affected.

ogracia says:

Well they managed the thing extremely fast, so ok they need to put more enthusiasm on protect data, but can't be harsh at them, they fixed fast

jnielsen3 says:

Customer satisfaction and data protection is our priority.  We move very quickly here!!!

Bullshit...I just installed tango on my pc...and tango on my PC also has all my other contacts...not just my tang contacts...So obviously tango is grabbing them from my phone and storing them somewhere...
Oh...and calls from my PC tango to phones does not work