BeReal: data protection and privacy

14 Jul, 2022

How secure is the BeReal App?

The new social media app BeReal is currently booming in the app stores and is becoming increasingly popular, especially among the younger Generation Z. This is because instead of showing edited images and staged videos like other social media apps, BeReal shows the “real life”. But as with all social media apps, the BeReal app also raises privacy concerns for many users. We have therefore made the test and subjected the BeReal app to a data protection review!

BeReal App Datenschutz sicher Apptest

The BeReal App in the iOS App Store

About BeReal

The app BeReal, which was developed in France in 2019, is a counterpart to other social media platforms such as TikTok or Instagram. Instead of uploading a picture from the photo gallery, users receive a push notification on their smartphone once a day – at a random time. From then on, they have two minutes to take a snapshot and share it with their friends. To be as authentic as possible, a photo is taken with both the front and main camera. Afterwards, they can look at the posts of other users. This is because BeReal only displays the pictures of the contacts once you have uploaded something yourself.

BeReal and data protection: This is how secure BeReal really is

In order to analyze the security level of the BeReal app, our security experts examined BeReal for possible security vulnerabilities as part of a pre-test. They tested BeReal for iOS (v 0.22.4) as well as for Android (v 0.35.2).

BeReal: Third-party providers & data transmission

Both the iOS and Android versions of the BeReal app include various trackers and analytics tools such as Google Analytics and Datadog. Meta data (e.g. login information) is transmitted by the app to the analytics service Amplitude. Another problem is that the app sends the contact data of the users to the US servers of BeReal. This sensitive information is thus transferred to a country outside the GDPR, so that secure handling of it is not guaranteed. Since BeReal is a French company, data processing along the EU GDPR would be desirable.

A man-in-the-middle attack has been successful with the iOS variant of the BeReal app. This means that unauthorized third parties can potentially read the transmitted data. A man-in-the-middle attack was also possible with BeReal for Android in the test runs – however, the app provides sufficient countermeasures here so that no data loss occurs.

BeReal: Access permissions

The app requires access to the camera, photo gallery, location and contacts of the user. However, since these permissions are necessary to use the full feature set, we do not rate the BeReal app as overprivileged.

BeReal: Data privacy assessment

Due to the identified security flaws, we do not recommend using the BeReal app. In particular, the iOS version of the BeReal app has numerous security risks, such as the possibility of a man-in-the-middle attack. The BeReal app does provide information about the type of data processed and the transfer to third-party providers in the privacy policy – however, this is only available in English and French.

Test results

Download the detailed test results of the BeReal app here for free:

 

CHECKLIST
5 Tips for a secure app selection

Use our checklist to make your own decisions about the use of certain apps in the future. Backed up with tips and explanations, it will help you in the decision-making and app approval process.

App-Auswahl Checkliste sicherer Freigabeprozess

These news might also interest you

Avoiding Cyber Attacks: A 10-step guide for businesses

Avoiding Cyber Attacks: A 10-step guide for businesses

The Russian attack on Ukraine is not only sending uncertainty and fear around the world – it also poses concrete dangers in the form of cyber attacks for cyber security in Europe and Germany. Here’s how companies can protect themselves:

Heartbleed in 2017 – an examination.

mediaTest digital and CIPHRON investigate the phenomenon "Heartbleed". The vulnerability in OpenSSL named Heartbleed [CVE-2014-0160] still exists three years after their discovery. The two companies from Hanover CIPHRON and mediaTest digital have made it their...

You might also be interested in:

Whitepaper how secure is the iOS operating system

Whitepaper: How secure is iOS?

For a long time, the myth was that Apple devices are always secure. Lately, however, Apple seems to be losing its status as an impregnable fortress. Learn how to avoid the risks in our 12-page whitepaper.

The best WhatsApp alternatives at a glance

The best WhatsApp alternatives at a glance

WhatsApp privacy under criticism again As of February 08, 2021, Facebook is updating its privacy policy on WhatsApp, leading to great uncertainty and criticism from users, not to mention a mass exodus to alternative messengers like Signal, Telegram oder Threema....

Jitsi Meet – A Safe Alternative to Zoom and Co.

Jitsi Meet – A Safe Alternative to Zoom and Co.

The video conferencing tool "Jitsi Meet" in a data privacy and usability test   Ever since the Corona outbreak, video conferencing tools such as Zoom and Microsoft Teams have become indispensable in the modern workplace. They enable vis-à-vis conversations and...

Press contact

Karina Quentin | PR & Communication

press@appvisory.com
Telefon +49 (0)511 35 39 94 22
Fax +49 (0)511 35 39 94-12

Newsletter

Exclusive tips and news about apps and mobile security