Update: According to the Vopium blog, the app has been updated with a fix for this issue.  We'll crack it open in just a bit to ensure everything has indeed been addressed.

Users of the popular VoIP app Vopium (here's the older version with many more installs) may want to put all usage of the app on indefinite hiatus, at least for the time being. It was recently discovered that the app sends basically all of the sensitive information, including username, password, device IMEI, geolocation, and contact list in plaintext.

After doing some of our own analysis, we discovered that the password is stored in the app's settings using plaintext as well (as opposed to at least basic encryption or an auth token - thanks for doing the leg work here, jcase).

Read More