These Android apps can leak your private messages, email addresses – Times of India

By Kevin Colleran On Oct 1, 2021

Over a dozen popular Android applications that are downloaded by over 140 million people are reportedly found to be leaking data. The exposed data includes users’ names, email addresses and many other personal information. The leak has been detected by cybersecurity researchers at CyberNews and they have released a report on the same.
Few of the apps mentioned in the report are Universal TV Remote Control, Remote for Roku: Codematics, Hybrid Warrior: Dungeon of the Overlord and Find My Kids: Child Cell Phone Location Tracker. The leak is possible due to misconfiguration of Firebase databases that are often managed by developers with no security training, which makes them easy targets for cybercriminals.
Firebase is a mobile app development platform that offers features like hosting, analytics and real-time cloud storage to developers. The platform was acquired by Google in 2014 and since then it is one of the most popular data-storage solutions for Android apps. The research reveals that due to poor configuration on Firebase anyone who knows the right URL can access real-time databases and user information of these popular apps without any kind of authentication. According to researcher Martynas Vareikis, the apps are not only leaking user data, but also their private messages.
For the investigation, the researchers analysed 1,100 most popular apps across 55 different categories in the Google Play store. For popularity metrics, researchers used the ‘TOP {CATEGORY}’ collections provided by on the Play store.
CyberNews claims that their researchers reported their findings to Google and asked them to help the developers but the tech giant ignored all the queries. Although the researchers only looked at apps on the Play Store, it is likely that iOS apps might be affected by these misconfigurations too as Firebase is platform agnostic.
“If you’re an app developer, always make sure to follow the official Firebase real-time database security guidelines provided by Google,” suggests CyberNews researcher.

Stay connected with us on social media platform for instant update click here to join our T witter, & Facebook

We are now on Telegram. Click here to join our channel (@TechiUpdate) and stay updated with the latest Technology headlines.

For all the latest Technology News Click Here

For the latest news and updates, follow us on Google News.

Read original article here

Denial of responsibility! TechiLive.in is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – [email protected]. The content will be deleted within 24 hours.