Security Concern - TapaTalk

Adam Howard

Well-known member
I do not mean to post this twice, but I am well aware not everyone follows the add-on threads, religiously. Just as I am also aware not everyone visits TapaTalk's own support forums.

And since they have personally decided to remain silent on this issue, I thought it best to make a small announcement (draw to attention) that there is/was a security concern in TapaTalk; it was patched, but TapaTalk has decided to NOT inform people to patch or update to resolve this flaw (no notice or update issued publicly). :eek:

TapaTalk said:
Hi,

This issue has been addressed in April 26th, 9 days before this site published the issue. However, since this is a low risk item - we have simply replaced all the plugins that are affected. If this is concerning you and If you have updated the plugin after April 26th, you are not affected.
Source: https://support.tapatalk.com/threads/tapatalk-cross-site-scripting-vulnerability.24719/

This security issue is directly with TapaTalk and not the XenForo development, but if you do have TapaTalk running, you should update accordingly (re-apply the same version, but using the newer files).
 

Attachments

  • Screenshot from 2014-05-23 11:19:55.webp
    Screenshot from 2014-05-23 11:19:55.webp
    40.7 KB · Views: 82
  • Screenshot from 2014-05-23 11:21:54.webp
    Screenshot from 2014-05-23 11:21:54.webp
    55.9 KB · Views: 67
  • Screenshot from 2014-05-23 11:22:03.webp
    Screenshot from 2014-05-23 11:22:03.webp
    47.2 KB · Views: 65
Last edited:
Yes we should all take note of this one (y) TapaTalk will never run on another one of our forums again ever :whistle:

I wonder how long that thread will remain on their site before it is killed lol
 
Yes we should all take note of this one (y) TapaTalk will never run on another one of our forums again ever :whistle:
The problem about TapaTalk is there are so many "newbies" or simply "tech unaware" that are dependent upon it.

You would be surprised on how many people own an Android or iPhone and truly believe they need TapaTalk to browse forums. It reminds me so much of how back in the day people truly believed they needed, AOL to browse the internet. :rolleyes:
I wonder how long that thread will remain on their site before it is killed lol
I do not see why that would happen. XenForo has the good business practice of taking security concerns seriously and has always encouraged people point them out and address them :)

edit: Oh, you mean over there.... That is why I took screenshots.
 
This is why i removed Tapatalk last year.. Each and every update only proves more and more that they are crooks and only care about their bottom line. What has always bothered me is that they do it by either putting our own communities at risk or just steal from us but TT always gets theirs and usually leaves forum admin with a buggy POS software. How is TT needed? i have no idea but if you need TapaTalk you as a forum admin may want to rethink your campaign.
 
This is why i removed Tapatalk last year.. Each and every update only proves more and more that they are crooks and only care about their bottom line. What has always bothered me is that they do it by either putting our own communities at risk or just steal from us but TT always gets theirs and usually leaves forum admin with a buggy POS software. How is TT needed? i have no idea but if you need TapaTalk you as a forum admin may want to rethink your campaign.
There is a bit of generation gap when it comes to mobile devices. The older generation has no problem using a browser, while the upcoming and younger generation is completely app dependent. They believe they need an app for just about everything and telling them you can use the mobile browser just does not compute or is ignored.

So if you're fine with ages 30+, I guess you have nothing to be concerned about. But if you're looking to the future, the younger generation just does not conform.
 
There is a bit of generation gap when it comes to mobile devices. The older generation has no problem using a browser, while the upcoming and younger generation is completely app dependent. They believe they need an app for just about everything and telling them you can use the mobile browser just does not compute or is ignored.

So if you're fine with ages 30+, I guess you have nothing to be concerned about. But if you're looking to the future, the younger generation just does not conform.
I agree that younger generation is so app dependent, they didn't even know the forum actually exist on the internet! I wanted to get rid of Tapatalk but I just couldn't because more than half of my members surf using Tapatalk. I'm slowly taking away the function of Tapatalk, what I did at this stage is the registration should take place via browser rather than the app. This way, members will appreciate the beauty of my forum because they actually notice "oh, this is actually a website that is accessible via the browser". Otherwise, some think that Tapatalk is ours and kept asking questions about their issues with Tapatalk merely because everything they do is within the app (they never encountered the web version before). Now I have more members who go to the site instead of app, probably because of the registration process.
 
The other issue is they become ghost members on your forum and don't respond to any forum tweak you may have running. Communicating with them is also a huge issue as they tend to not see personal messages most of the time, miss tagged threads that need reading.
 
I agree that younger generation is so app dependent, they didn't even know the forum actually exist on the internet! I wanted to get rid of Tapatalk but I just couldn't because more than half of my members surf using Tapatalk. I'm slowly taking away the function of Tapatalk, what I did at this stage is the registration should take place via browser rather than the app. This way, members will appreciate the beauty of my forum because they actually notice "oh, this is actually a website that is accessible via the browser". Otherwise, some think that Tapatalk is ours and kept asking questions about their issues with Tapatalk merely because everything they do is within the app (they never encountered the web version before). Now I have more members who go to the site instead of app, probably because of the registration process.
If you want to share how that is done, please do.

I am unaware of any setting that would force this.
 
I will say that of all the things ive added and removed from my communities over the years removing TapaTalk was met with the most resistance by far.. I understand TT app developers are trying to make a buck but their approach to me is just to sneaky.. TT in no way shape or form is transparent or honest..
 
There is a bit of generation gap when it comes to mobile devices. The older generation has no problem using a browser, while the upcoming and younger generation is completely app dependent. They believe they need an app for just about everything and telling them you can use the mobile browser just does not compute or is ignored.

So if you're fine with ages 30+, I guess you have nothing to be concerned about. But if you're looking to the future, the younger generation just does not conform.

I'm disagreeing with this... Then again, I never did conform to stereotypes or social norms...

As per the OT, I removed Tapatalk last year at some point... Never used it and don't see the point in it anymore.
 
I'm disagreeing with this... Then again, I never did conform to stereotypes or social norms...

As per the OT, I removed Tapatalk last year at some point... Never used it and don't see the point in it anymore.
Props to you for not keeping to the social norms of your generation.
 
I can't tell if that's a good thing, and/or if you're being sarcastic.
LOL

d3dc3e435ec0b356e632169b0452641b


You have no idea how funny it is for you to say that with your avatar (assuming you know your memes).

I truly did mean it as a good thing. It's good to think outside the box and for yourself.
 
This isn't the first security issue with Tapatalk and it won't be the last. There were issues last year which I posted about elsewhere on these forums. I raised the security concern and other issues over on the Tapatalk forums only to have one thread locked and the other deleted. There was nothing rude or inappropriate in either, they just didn't want to deal with legitimate concerns.

After that, I removed Tapatalk from my site. I told members it was due to security issues and advertising and although a few were unhappy, most understood. I've not looked back since and members can now see and use the various extras like Xenforo Media Gallery as well as basic functions such as font sizes and colours that Tapatalk couldn't support.

So for me, I'll never go back to Tapatalk.
 
LOL

d3dc3e435ec0b356e632169b0452641b


You have no idea how funny it is for you to say that with your avatar (assuming you know your memes).

I truly did mean it as a good thing. It's good to think outside the box and for yourself.

Social norms... I don't know my memes. :P

Anyhow, like usual, I'm making a topic drift off-topic.
 
Top Bottom