100 million Android user data exposed by questionable apps
Poorly created apps have left the data of 100 million Android users exposed, a cybersecurity research firm has said.
Check Point Research analyzed 23 Android apps downloaded through Google Play and found that the lack of built-in security measures in online platforms left users’ personal information exposed.
âWe were able to recover a lot of sensitive information, including email addresses, passwords, private chats, device location, user IDs, and more.
“If a malicious actor accesses [this] data, this could potentially result in service scans, i.e. trying to use the same username-password combination on other services, fraud and identity theft.
More than 50 million personal chat messages have been exposed through misconfigured real-time databases, the research shows, while an additional 10 million browser history has been left vulnerable.
In other cases, tens and millions of email addresses, PINs, location information, phone numbers, profile pictures, nicknames and Facebook IDs have been exposed.
Check Point researchers analyzed Astro Guru, a popular astrology app that had been downloaded over 10 million times, and discovered users’ personal information such as name, date of birth, gender, location, e-mail and even payment details.
In another app called T’Leva, a taxi app that had been installed over 50,000 times, researchers were able to access chat messages between drivers and passengers, find full names, phone numbers, destination. and places of support for users just through a single query to the database.
Analysis of other data storage applications like Screen Recorder and iFax, which have more than 10 million and 500,000 downloads, respectively, revealed that malicious actors could “access all documents”.
Researchers didn’t have to go to great lengths to “ hack ” the app, according to the report, which meant the information was available to anyone who knew how to find it.
“All our researchers had to do was attempt to access the data. There was nothing in place to prevent unauthorized access processing,” the report said.
Check Point researchers said they contacted Google and each of the app developers before publishing their research, and a number of them have since changed their configurations.
Follow Yahoo Finance on Facebook, LinkedIn, Instagram and Twitterand subscribe to the free version daily newsletter.