Randy Westergren writes:
After recently finding a critical vulnerability in Verizon’s My FiOS app, I thought it would be worth looking into their other apps available to customers. The FiOS Mobile app allows users to watch subscribed TV channel offerings on their mobile devices, as well as control their DVR, view On Demand histories, etc. Shortly after loading the app and reviewing the web requests/responses, I identified two vulnerabilities that exposed the private information of customers. This included the ability to view any customer’s subscribed channels as well as On Demand purchase histories.
Read more on XDA.