Reporter Wouter van Rooij
`KIK Messenger stores password in plain text
This is the conclusion of Mobile Security Company, a Dutch organisation
specialized in security audits of mobile applications.
The username and password are stored in the com.kik.chat.plist file.
This file can be viewed on a jailbroken device or when having access to the
Wouter van Rooij, iOS security expert at Mobile Security Company states that
storing passwords in plain text in a .plist file is by far the most unsafe
option to handle passwords.
Of course Mobile Security Company tried to report the issue to KIK
interactive, the organization behind KIK messenger.
Van Rooij is very surprised that KIK interactive didn't respond. It is in
the interest of all 50 million KIK messenger users that this issue will be