Over a dozen popular Android applications that are downloaded by over 140 million people are reportedly found to be leaking data. The exposed data includes users’ names, email addresses and many other personal information. The leak has been detected by cybersecurity researchers at CyberNews and they have released a report on the same.
Few of the apps mentioned in the report are Universal TV Remote Control, Remote for Roku: Codematics, Hybrid Warrior: Dungeon of the Overlord and Find My Kids: Child Cell Phone Location Tracker. The leak is possible due to misconfiguration of Firebase databases that are often managed by developers with no security training, which makes them easy targets for cybercriminals.
Firebase is a mobile app development platform that offers features like hosting, analytics and real-time cloud storage to developers. The platform was acquired by Google in 2014 and since then it is one of the most popular data-storage solutions for Android apps. The research reveals that due to poor configuration on Firebase anyone who knows the right URL can access real-time databases and user information of these popular apps without any kind of authentication. According to researcher Martynas Vareikis, the apps are not only leaking user data, but also their private messages.
For the investigation, the researchers analysed 1,100 most popular apps across 55 different categories in the Google Play store. For popularity metrics, researchers used the ‘TOP {CATEGORY}’ collections provided by on the Play store.
CyberNews claims that their researchers reported their findings to Google and asked them to help the developers but the tech giant ignored all the queries. Although the researchers only looked at apps on the Play Store, it is likely that iOS apps might be affected by these misconfigurations too as Firebase is platform agnostic.
“If you’re an app developer, always make sure to follow the official Firebase real-time database security guidelines provided by Google,” suggests CyberNews researcher.
For all the latest Technology News Click Here
For the latest news and updates, follow us on Google News.
