Page 8 Soft

Main Menu

  • Home
  • Software Start Ups
  • Android Apps
  • Iphone Apps
  • App Funding
  • Money

Page 8 Soft

Header Banner

Page 8 Soft

  • Home
  • Software Start Ups
  • Android Apps
  • Iphone Apps
  • App Funding
  • Money
Android Apps
Home›Android Apps›App developers exposed millions of Android user data

App developers exposed millions of Android user data

By Margaret J. Beltran
May 21, 2021
0
0



App developers exposed millions of Android user data

Mobile app developers have potentially exposed the private data of over 100 million Android users, failing to follow security best practices when integrating third-party cloud services into their apps.

Check Point researchers recently analyzed 23 Android apps, including a screen recorder, taxi app, fax service, logo maker, and astrology software, and found the developers were exhibiting their own. and their users.‘ data through a variety of misconfigurations in third-party cloud services.

In 13 applications, sensitive details were publicly available in unsecured cloud configurations.

Sensitive data included chat messages, emails, location details, gender, date of birth, phone numbers, passwords, photos, and payment details. Cybercriminals could easily use this information to carry out fraud, identity theft and service scans.

In a blog post, researchers said they found sensitive details in unprotected real-time databases used by 23 apps, with installs ranging from 10,000 to 10 million.

Some of these apps found in the Google Play Store have had over 10 million downloads, including Astro Guru, Logo Maker, and Screen Recorder. The latter exposed storage keys in the cloud, giving access to users‘ device screenshots.

Some apps also exposed data related to their developers, such as app credentials‘push notification service. Malicious actors can exploit push services to send bogus alerts to app users.

Another Android application, iFax, exhibited cloud storage keys, providing access to a database containing fax transmissions and other documents of more than 500,000 users.

With the taxi service app T‘Leva, Check Point researchers were able to access all messages sent between customers and drivers, names, phone numbers and a variety of other details, by sending a simple request to the database.

‘This misconfiguration of real-time databases is nothing new, but to our surprise, the scope of the problem is still far too broad and affects millions of users. All our researchers had to do was attempt to access the data. There was nothing in place to prevent unauthorized access processing,‘ the researchers said.

‘Most of the apps we found had ‘Lily‘ authorizations and ‘write‘ permissions. That alone could compromise an entire app, not even considering the developer’s success.‘s reputation, their user base, and even their relationship with the hosting market.‘

Last year, a study by the cybersecurity team at Comparitech found that nearly 6% of all Google Cloud buckets are vulnerable to unauthorized access due to configuration issues.

Of the 2,064 open Google Cloud buckets that Comparitech researchers found, 131 were misconfigured and vulnerable to unauthorized access.



Related posts:

  1. 6 Android Apps to Reduce Work from Home Burnout
  2. How to download the RSNB app for Android
  3. Why you should stop texting from your Android messaging app
  4. The 6 best alternatives to MyFitnessPal for Android and iPhone
Tagsandroid appsgoogle playplay storereal time

Recent Posts

  • How PreSkale promises to turn leads into real revenue
  • Google app beta brings search UI overhaul to Android 13
  • Rapid measurement of thoracolumbar kyphosis with the built-in inclinometer of a smartphone: a study of validity and reliability
  • Singapore pharmacy platform startup lands $27m in funding round backed by Bill Gates
  • Broadcom in advanced talks to buy VMware

Archives

  • May 2022
  • April 2022
  • March 2022
  • February 2022
  • January 2022
  • December 2021
  • November 2021
  • October 2021
  • September 2021
  • August 2021
  • July 2021
  • June 2021
  • May 2021
  • April 2021

Categories

  • Android Apps
  • App Funding
  • Iphone Apps
  • Money
  • Software Start Ups
  • Terms and Conditions
  • Privacy Policy