Clubhouse, the latest social media platform to tempt Facebook into designing a clone, has announced that it has fixed a major security flaw that potentially exposed users’ unfiltered data to the government. Security analysts discovered a glaring flaw in the app which could potentially result in the Chinese government gaining access to people’s audio data and messages. Now, it’s all very well saying that the Chinese government wouldn’t do such a thing, but let’s be real… it totally would do this kind of thing if no-one knew about it.
The flaw came in the form of plaintext, which Slack also recently discovered should not be the format in which it keeps users’ private data. As for Clubhouse, it was found that users’ unique in-app ID number and chatroom IDs were being saved as plaintext, which makes finding and copying that information very simple indeed.
So where does the Chinese government fit into all of this? Well, as it turns, out a Chinese government by the name of Agora helped develop the back-end infrastructure of Clubhouse. Reports indicated that metadata from the app was being relayed through and hosted in China. So while there’s no actual evidence that China was prying all that private evidence, it’s possible that they could have been.
Clubhouse: No Spies Allowed!
According to TechRadar, Agora has stated that it does not have access to Clubhouse users’ personal data and that voice and video calls aren’t routed through China. Now that Clubhouse has identified the problem, it’s also issued a statement on the supposed links to China. “Given China’s track record on data privacy, we made the difficult decision when we launched Clubhouse on the Appstore to make it available in every country around the world, with the exception of China. Some people in China found a workaround to download the app, which meant that—until the app was blocked by China earlier this week—the conversations they were a part of could be transmitted via Chinese servers,” reads the statement.
Clubhouse has stated that it’s already working a fix and that a patch is expected to roll out in the next 72 hours. The update will also beef up the app’s encryption and will aim to “prevent Clubhouse clients from ever transmitting pings to Chinese servers.”