A critical vulnerability in Google’s Waze application has been found, which can enable hackers to find people – who are using the navigation app as well as track them from their location. Peter Gasper, a security DevOps researcher, has discovered this API flaw recently.
He was able to track the specific movements of users and identify who they are. Thus, a hacker can leak data and find out a victim by stalking his location.
The app uses crowd-sourced data aimed at warning drivers about difficulties to ease their commute. This includes traffic congestion, accidents, construction, etc. and guide them with alternative and faster routes.
Source: https://threatpost.com/googles-waze-track-users/160332/