Tango PC app lets users break into any Tango account [Updated]
Tango, the cross-platform video calling application, appears to following in the footsteps of iPhone's Path application when it comes to the poor management of private account data. (Not to be confused with the Windows Phone update, codenamed Tango.) Today, a reader wrote in detailing how the PC client (version 1.6.14117 at time of writing) allows one armed with simply a mobile number access to any Tango user's contact data -- and account -- by simply using the application in a specific manner. While we won't share exact details, we must admit it's not hard to figure out. And just a few months ago, Tango was discovered to be downloading contact details without permission.
Using the steps provided, we were able to download a colleague's Tango contact data, make Tango calls, and manage account details with ease. This possibly indicates that Tango's security code-based account validation is simply an arbitrary client-side check -- a big no-no.
Update: Tango let us know the issue has been fixed and an update has been pushed out to users. Kudos to the Tango team for the quick response.
Email this pageComments
There are 10 comments. Sign in to comment
TheDarKnight says:
Such a fail
XboxOmac says:
Hate it when companies and organizations don't take care of data. So much for privacy policies to agree to. :|
Durishin says:
Meh. I can't even get Tango (either the HTC or the vanilla version) to let me set up an account on AT&T for my TItan. Keep getting an error that AT&T are blocking me.
jnielsen3 says:
Please email our support team at http://support.tango.me. They can help with your issue. Tango should work just fine on your Titan though.
VictorE#AC says:
@Jenny has it been fixed in both versions of Tango? I have the "Tango for Samsung" which is ver 1.5.0.0.
jnielsen3 says:
This issue was specific to the PC. Your Samsung device / account was not affected.
