yikyakThe app’s tagline reads: “no profile, no password, it’s all anonymous.” But, is it? Geo-location based apps like Yik Yak use Apple and Android’s location API.

Are yaks really anonymous?

On Yik Yak, your yaks are anonymous to other yakkers, until someone decides they are not. For example, if you make a threat that you are not supposed to in the morning, you can expect to be sitting in a prison cell by nightfall. Yik Yak’s terms of service clearly state:

  • “You are responsible for the data you transmit using the Yik Yak service.”
  • “You shall abide by all applicable local, state, national, and international laws and regulations and be solely responsible for all acts or omissions that occur with respect to your use of the Yik Yak service…”

Yik Yak’s owners work closely with law enforcement (as they should) to provide them with data necessary to identify Yakkers. Recently a kid was arrested in Mobile AL for communicating threats, and this has happened more than once.

Can Yik Yak be hacked?

Great hackers can break into extremely sophisticated apps and networks owned by multimillion dollar organizations. Could an experienced individual hack an app developed by some college students? I don’t see why not.

A high school student has already reverse engineered the API and points out that the app is not really anonymous at all (for the reasons posted above). He also says their code is poor and discloses several ways to abuse the system and manipulate the voting system.

Many app developers with a budget offer white hat hackers rewards for finding vulnerabilities in their systems. For example, as of Sept 1, 2014, Secret, another anonymous social app, has been hacked 47 times. Until a week or two ago it was very simple to pinpoint precisely which of your friends was posting which secret. Secret’s secrets weren’t so secret after all.

Conclusion:

Your yaks are anonymous, most of the time… If you’re a college student and just want to joke around about college related things, go for it, but don’t go out and yak away your life secrets or do anything stupid.

Update October 16, 2014:

Since writing this article several students have been arrested for making threats on the Yik Yak Social Media app. Also, using an app requires an IP address. This is like a postal address for your phone. When you connect to a network, you get this address in order to send and receive data. Of course, app developers can easily see your IP address and with that information investigators can easily see from your wireless provider precisely who you are and where you are. So again, don’t do anything stupid. If you use Yik Yak, use it for fun, and if you have mental problems, go get them checked out, you really can be a happy person.

Len

Leave a Reply