There are some evidences in the printscreens available here about an school app the expose students information when someone is authenticated in the app. First the attacker need to be a valid credentials in the app Escola em Movimento (EEM), then in the main menu select the Activesoft option. So this option open the Activesoft page in the browser with mobile caracteristcs. In these pages is possible to manipulate the ID and open information about others students.