If you use any of these Android apps, your personal data may be exposed


Here we go again — more than 100 million users of almost two dozen Android apps have had their personal data exposed, according to new research from a cybersecurity firm that says it discovered the problem stemmed from the way developers misuse third-party cloud services.

The team at Check Point Research published a report that revealed specific examples of vulnerable applications, including astrology, taxi, screen recording, and fax mobile apps. Among other things, CPR found publicly available sensitive data from real-time databases connected to several Android apps that had garnered between 10,000 and 10 million installations. The personal data included emails, chat messages, passwords, and photos, among other things, and CPR also found push notification and cloud storage keys embedded in many Android apps themselves.


“A real-time database is one that works on live and constantly changing data, rather than persistent data that is stored on a disc,” CPR explained in an email about the findings. “App developers depend on real-time databases to store data on the cloud … If a malicious actor gains access to the sensitive data extracted by CPR, it would potentially lead to fraud, identity-theft and service-swipe, which is trying to use the same username-password combination on other services.”

With mobile applications now such a ubiquitous part of our lives, it’s not just the apps themselves that need to be secure. Developers also need to stop overlooking the security of the services that are part and parcel of mobile apps, such as cloud-based storage, real-time databases, analytics, and notification management.

Examples of Android apps that CPR cited in this new report are Astro Guru, T’Leva, and Logo Maker. T’Leva, a taxi app, was found to have garnered 50,000 downloads, while the other two (Astro Guru, an astrology app, and Logo Maker, a graphic design app) reached 10 million downloads. The report identified the following data exposed by each app:

  • Astro Guru: Name, date of birth, gender, location, email and payment details
  • T’Leva: Chat messages between drivers and passengers, and users’ full names, phone numbers, and locations (destination and pick-up)
  • Logo Maker: Email, password, username, user-ID

“Most of the apps we took a look at are still exposing the data now,” said Check Point Software manager of mobile research Aviran Hazum. “Data gathering, especially by a malicious actor, is very serious. Ultimately, victims become vulnerable to many different attack vectors, such as impersonations, identity theft, phishing and service swipes. Our latest research sheds light on a disturbing reality where application developers place not only their data, but their private users’ data at risk.

“By not following best-practices when configuring and integrating third party cloud-services into applications, tens of millions of users’ private data has been exposed.”

The whole report is worth a read. “This misconfiguration of real-time databases is not new,” it continues, “but to our surprise, the scope of the issue is still far too broad and affects millions of users. All our researchers had to do was attempt to access the data. There was nothing in place to stop the unauthorized access from being processed.”
