WiFi Finder App collected WiFi Passwords

I still get requests from users to add a WiFi scanning tool to my App. My Answer is always that this is not possible for any App because Apple restricts access to the WiFi interface – which is good. (See also wifi-scanning)

What could happen if unrestricted access to the WiFi interface would be possible can be seen recently in an incident on Android.

A quite popular “WiFi Finder” app has collected private WiFi passwords. Those Passwords were stored as plain text along with SSID, Geolocation on a server maintained by the Chinese App developer. Even worse, that information left exposed and unprotected, allowing anyone to access and download the contents in bulk.

The App has already been banned from the Google Play Store and the Server was shut down.

Don’t trust the evil!

Best regards,

Marcus