Is Houseparty a safe app?

Houseparty is a video conferencing app developed by Life on Air - a subsidiary of the developer of Fortnite, Epic Games. It is an app that has risen massively in popularity due to the periods of self isolation caused by COVID-19. The app is a fun way for friends to video conference because it allows you to both play games and host simultaneous rooms.

Unfortunately, in the past month, Houseparty has run into some bad press because of false rumors claiming it caused users to be hacked. With so many rumors circulating, it can be confusing. So, is Houseparty app safe to use?

Is Houseparty safe?

At the end of March 2020, Houseparty suddenly went viral on social media sites like Twitter. Hundreds of users began claiming that the Houseparty app caused them to have secondary accounts, such as Spotify, hacked. Some users even falsely claimed that Houseparty had caused their online banking to be penetrated.

Those tweets are now believed to have been initiated and promoted by internet trolls with nothing better to do. In the days following those initial rumors, it became obvious that there was no truth to those claims. And, as a result, it is fair to say that Houseparty remains an app that is primarily safe to use.

Despite this, there are some Houseparty features that may concern some users. When a party is initiated, any person in the conversation can unlock the party, which will allow any user to invite more people in (to a total of eight). This could theoretically lead to unwanted persons joining a party.

Admittedly, people can not access a party without receiving an invitation. However, if an invitation to a party was shared publicly, it is possible that a random stranger could wind up inside the party. Theoretically, this could lead to cybercriminals, cyberbullies, cyberstalkers, or other unwanted individuals ending up in the chat or party games.

Is Houseparty safe for Children?

As long as children use Houseparty responsibly, it should be safe enough to use the app. However, parents should check that their child has set up their Houseparty account using a strong, unique password. 

In addition, parents should ensure that their kids are only using Houseparty with Private Mode switched on. This feature will ensure that the party’s they create are locked.

To do this, open the app and go to:

Account > Settings > Private Mode.

However, parents must ensure that all the members of a party have set their accounts up using Private Mode, because any single one of the eight members of a party can theoretically unlock a room; which could lead to unwanted users being invited into the video conference.

It is also worth noting that when new users create a Houseparty account, they get the option to connect to Facebook and Snapchat. However, doing so not only adds your contacts but also gives you the option to add friends of friends. For this reason, it is advised that your child does not link any secondary accounts and services.

Does Houseparty app have any security flaws?

Lukas Stefanko, a security researcher at the firm ESET has previously analyzed the Houseparty app. According to Stefanko, there are no obvious or concerning vulnerabilities that would allow users to be hacked. This appears to give the platform a clean bill of health.

It is also worth mentioning that Houseparty’s developer enforces a Bug Bounty program, which encourages security researchers to find flaws. Offering incentives and compensation to the global community means that critical vulnerabilities are often found faster and patched, rather than being used against the company or its users.

Is there a way for cybercriminals to hack a Houseparty account?

Although Houseparty has not specifically been linked to any mass hacking incidents, and the app is not thought to be a danger to users in of itself, it is still possible that individual users could have their Houseparty account hacked if it is not protected well enough.

Mozilla, the developer of Firefox, has openly criticized Houseparty for its failure to enforce robust password security. It points out that when users create a Houseparty account, it is not compulsory for them to choose a strong password, with 5 character passwords such as “12345” being allowed. Not only are these extremely easy to crack, it is generally accepted that a strong password should contain more than 12 characters.

Admittedly, Houseparty users can set a stronger password if they wish (they aren’t forced to make their password short and weak). However, Houseparty’s failure to require a strong password and to warn users if they opt for a weak password is still considered poor security.

Users who accidentally choose a password that is insecure could end up having their Houseparty account penetrated by hackers using a brute-force attack.

What’s more, if a user has recycled their password elsewhere, that hacker could then access secondary accounts and services that belong to that user. That is why it is so vital to not only set strong passwords but also to ensure that passwords are always unique for each and every online service that is used. 

I think I set a weak password, what should I do?

Anybody who believes they may have accidentally set their Houseparty password insecurely, is recommended to update their password at once. 

A strong password will be a minimum of 12 characters long and will contain upper and lower case letters, numbers, and symbols. It will also be a unique password that you have never used on any other account or service.

Since it's incredibly difficult to remember a unique password for every account you own, we recommend using a password manager. The best ones can not only store all your passwords securely, but help you generate secure, random passwords at the click of a button - among other things.

Is Houseparty bad for privacy?

Houseparty is an app that collects user data both inside the platform and from any attached social media accounts. It also collects some data from third party apps. Houseparty uses that data for marketing purposes and shares that data with third parties in order to serve users targeted ads.

To join Houseparty, you must provide your phone number to receive a verification SMS message. In addition, users must provide their name and date of birth. Of course, users can opt to provide fake information if they prefer, but the phone number will need to be valid to receive the verification number.

For those who don't want to give Houseparty their number, you can use services like Google Voice to set up an online phone number. Since this will receive the verification code instead of your smartphone, you will avoid having to give Houseparty your digits.

New Houseparty users are also given the option to connect their Snapchat, mobile phone contacts, and Facebook contacts. Again, anybody who would prefer Houseparty not to have this access can refuse to grant the app consent.

Finally, Houseparty can find parties based on location. To do this, you will need to grant Houseparty access to location services on your device. The good news, however, is that this comes switched off by default and can be turned on or off again at any time.

Invasive data collection habits?

Since April 10,  2020, Houseparty has improved its privacy policy to remove some of the more invasive statements it used to include. The new policy has reduced the amount and type of data it collects from users, which is a welcome improvement.

However, Houseparty remains somewhat invasive, and there is little that users can do to stop Houseparty using tracking tools and cookies to harvest their personal information. In fact, Houseparty notes that blocking cookies may cause the browser version to malfunction.

The privacy policy also clarifies that the firm will use your IP address to derive your location. So even if you turn off location services, Life on Air will attempt to figure out where you are.

In addition, Houseparty will collect information about your friends (such as their email address and phone number) if you link a Facebook account. This means that even if you refuse to provide your real information, Houseparty can harvest your data without your knowledge when one of your Facebook friends joins the platform and links their social media.

Despite the data that Houseparty collects from users, the app does not, under any circumstances, harvest user passwords for any third party apps installed on the devices it resides on. Any false statements of this nature are just malicious rumors.

In fact, Houseparty is offering a $1 million reward for anybody who can help prove that its video conferencing platform was the victim of purposeful sabotage at the hands of a competitor.

Are my chats private?

Thankfully, in the latest version of the Houseparty privacy policy, the firm has removed some of the more worrying permissions it used to contain. This means that any ideas, knowledge, concepts or inventions that you might come up with during a conversation will remain your own.

Finally, it is worth mentioning that Houseparty does not provide end-to-end-encryption for video conferencing sessions. The video data for each party is encrypted using HTTPS to secure it in transit, but that data passes through Houseparty’s servers where it could theoretically be accessed or analyzed by the company and any third parties or affiliates it works with - as well as government authorities if it is served a warrant.

How to stay safe when using Houseparty

For concerned parents who do not want their children to communicate with strangers, we recommend against linking Houseparty to any other services or apps (like Snapchat or Facebook). Instead, add each contact individually:

  1. Tap + in the top right corner of the app.
  2. Click Invite New Friends to send a link to a specific friend via another app. Alternatively, tap Add New Friends to search for contacts and add them manually.
  3. Tap Add by Name to search by username.
  4. Tap Add next to the contact you want to add. Your child’s friend will have to accept the request to connect with them on Houseparty.

Adding contacts manually, one at a time, will remove the potential for the app to automatically connect your child with people they have never met. 

Houseparty users are also given the option to find contacts based on their location. Admittedly, location tracking is turned off by default. However, it is worth checking that your child has not switched this feature on by heading to permissions to ensure that location services are set to off.

In addition, parents should ensure that their kids are using an up-to-date firewall and antivirus program on their device. This will ensure that if they are accidentally sent a dodgy link or download via the Houseparty app, they do not end up infected with malware. For more information and a list of the best services, please check out our best Antivirus guide.

How to delete Houseparty?

If you still aren’t convinced about Houseparty and would prefer it not to collect any data about you, the option exists to delete both your account and the app. Deleting the app is straightforward because all you need to do is uninstall it the same way as you would any other app. 

However, if you want to delete your account completely, you will need to do so before deleting the app. That process is slightly different depending on whether you use Houseparty on iOS or Android.

Delete your account in the iOS app

  1. Open the app and click Settings.
  2. Tap on Privacy.
  3. Select Delete Account.
  4. Confirm that you want to continue.
  5. Enter your password.
  6. Press Delete.
  7. Remove the application from your device.

Send an email requesting an account termination (Android)

If you are an Android Houseparty user, for the time being you will need to request that your account be terminated by contacting customer support. To do so, follow these steps:

  1. Open your email account and compose a new email.
  2. Enter the following address: [email protected]
  3. In the subject line, type Request to Delete Account.
  4. In the main body of the email, explain that you want to delete your account and provide your name, email address, Houseparty app username, and the phone number you used to create the account.
  5. Wait for a response from Houseparty with confirmation that your account has been removed.
  6. Delete the application from your device.

Written by: Ray Walsh

Digital privacy expert with 5 years experience testing and reviewing VPNs. He's been quoted in The Express, The Times, The Washington Post, The Register, CNET & many more. 

0 Comments

There are no comments yet.

Got Something to Say?

Write Your Own Comment

Your comment has been sent to the queue. It will appear shortly.

Your comment has been sent to the queue. It will appear shortly.

Your comment has been sent to the queue. It will appear shortly.

  Your comment has been sent to the queue. It will appear shortly.

We recommend you check out one of these alternatives:

The fastest VPN we test, unblocks everything, with amazing service all round

Longtime top ranked VPN, with great price and speeds

One of the largest VPNs, voted best VPN by Reddit

Strong presence, no-logs policy