Over a dozen high Android applications listed on the Google play store revealed leaks of user data, according to a cybersecurity investigation.
By analyzing the configuration of popular Android apps, security researchers from CyberNews found that 14 of the best Android apps with over 140 million collective installs leak sensitive user data due to improper access controls on their Firebase real-time database.
“Mobile application developers use Firebase real-time databases to store user records, financial information, and other types of sensitive data. Unfortunately, real-time databases are often managed by developers with no security training, making them an easy target for malicious actors, ”notes CyberNews.
We take a look at how our readers are using VPNs with streaming sites like Netflix so that we can improve our content and offer better advice. This survey will take no more than 60 seconds of your time, and we would greatly appreciate your sharing your experiences with us.
>> Click here to launch the survey in a new window
According to the researchers, the misconfiguration allowed them to access real-time databases and the information they contain about users without being prompted to authenticate.
Fire in the hole
CyberNews claims to have contacted the developers of the fourteen applications, five of which have since secured access to their Firebase databases. However, as the majority of developers did not respond to the researchers, CyberNews contacted Google for their help in getting developers to fortify their databases.
“Unfortunately, Google ignored our queries, and we haven’t heard from them since,” says CyberNews, adding that the nine insecure apps continue to disclose data from their combined user base of over 30 million. of individuals.
“If you are an application developer, always be sure to follow the official Firebase real-time database security guidelines provided by Google,” suggests Martynas Vareikis, researcher at CyberNews.