Popular Message Board App Giving Away User Location Information

Yik Yak, a popular message board app frequently used by college students, has been found to be giving away its users' location information.

By Crystal Murdock | Published

yik yak

Yik Yak, a popular app that was launched in 2013 and is primarily used on college campuses, allows users to post on a bulletin board anonymously, or so Yik Yak claims. With over 2 million users the app has turned into an avenue of gossip, cyberbullying and has been found to allow users to obtain the exact GPS coordinates and the unique IDs of other users to a precise range of 10-15 feet from where the user last accessed the Yik Yak app. 

According to the Verge, last month David Teather, a computer science student currently residing in Madison, Wisconsin, analyzed what kind of data Yik Yak exposed by developing code that would intercept data sent and received by his Yik Yak app. Teather completed this task by using a free and open-source tool called mitmproxy. Teather was then able to begin writing code that pretended to be the Yik Yak app to extract information from it. By completing the code, Teather realized that Yik Yak was sending the precise GPS coordinates of each post he had made in the app, along with his unique user ID. Although the app is only reflecting an approximate location such as ‘around 1 mile away’ or ‘up to 5 miles’ it gives the users an idea of where in their city or town the anonymous updates are coming from. 

Yik Yak promises users anonymity, but as Teather has determined, the revealed combination of the estimated GPS coordinates and the user ID would be enough to figure out where someone lives. Typically, users like to be at home when posting on social media apps and Teather has proved the data to be accurate within 10-15 feet. In smaller communities or rural areas, GPS data down to this estimation would be enough to easily find the user’s exact address. 

Teather posted a blog about his findings and stressed how the purportedly anonymous Yik Yak app is allowing others to determine a person’s daily routine or possible address. Teather continued on to assert that the data could be abused to provide a stalker with someone’s daily activity, and even go as far as letting them know when the user is no longer in their home neighborhood, which would allow them to break into the user’s home. It is scary to think that information such as this can be easily accessed with a free app. 

The Yik Yak app was already shut down back in 2017 when it was determined it was mainly being used as a tool for cyberbullying and comments that were in the form of hate towards different races and cultures. The Yik Yak app was brought back last year and has promised the latest version no longer allows access to the information Teather was able to find using code. However, Teather continues to point out, that the Yik Yak app needs to break older versions of the app to prevent anyone from accessing this data and asserts that it is important that the latest version have unique IDs and GPS coordinates completely blocked.