Last week, security company Pradeo issued a statement that claimed many of SEGA's Sonic games listed on Google Play Store are leaking user location data and device info. Among the mentioned titles – Sonic Dash, Sonic the Hedgehog Classic
, and Sonic Dash 2: Sonic Boom are said to have security issues that could have affected between 120 million and 600 million users.
Those numbers are mostly based on the number of downloads each of these games have accumulated on the Google Play Store, so their accuracy might be a bit off.
According to Pradeo, each of these games have 15 vulnerabilities on average, and that the data are sent to an average of 11 distant servers including 3 uncertified ones.
Among the distant servers reached by the affected SEGA apps when sending data, we can see that most have a tracking and marketing purpose. However, what caught Pradeo’s researchers attention is the fact that these apps are sending information to 3 uncertified servers of which 2 are a variant of Android/Inmobi.D, and represent a potential threat.
Following Pradeo's report, SEGA said in a statement for Zdnet that it is now investigating these claims and, if true, will address any technical or security issues.
Although we can't say for certain that these Sonic games have been affected by security issues, it's better to uninstall them until SEGA completes its investigation.