Tech News

Failure in Google Play Store apps expose 100 million users

Pinterest LinkedIn Tumblr

Mobile application developers are exposing personal data to more than 100 million users, according to the report recently released by CheckPoint, simply because they do not follow best security practices when integrating third-party cloud services into their applications.

Check Point researchers recently reviewed 23 Android apps, including a screen recorder, taxi app, fax service, logo maker and astrology software, and found that programmers exposed their own data and that of users via a variety of incorrect settings in third-party cloud services.

In 13 applications, confidential details were publicly available in insecure cloud configurations. Confidential data included chat messages, emails, location details, gender, date of birth, phone numbers, passwords, photos and payment details. Cybercriminals can easily use this information to carry out fraud, identity theft and theft of service.

Failure in Google Play Store apps expose 100 million users

On a blog post, the researchers said they found confidential details in unprotected real-time databases used by 23 applications, user data ranging from 10,000 to 10 million.

Some of these apps were found on the Google Play Store with more than 10 million downloads, including Astro Guru, Logo Maker and Screen Recorder. The latter exposed passwords for cloud storage, giving users access to screenshots.

Some apps have also exposed data related to their developers, such as credentials for the app’s push notification service. Hackers can easily exploit the notification service to send false alerts to users of applications.

Another Android application, iFax, exposed cloud storage passwords, allowing access to a database containing fax transmissions and other documents from more than 500,000 users.

With the application of the taxi service T’Leva, Check Point investigators were able to access all messages sent between customers and drivers, names, telephone numbers and a variety of other details, by sending a simple request to the database.

“This incorrect configuration of the databases in real time is not new, but, to our surprise, the problem is still very broad and affects millions of users. All our investigators had to do was try to access the data. There was nothing in place to prevent the processing of unauthorized access, ”said the investigators.

“Most of the applications we found had ‘read’ and ‘write’ permissions. This alone can compromise an entire application, without considering the impact on the programmer’s reputation, its user base or even its relationship with the hosting market. ‘

The situation was discovered some time ago and reported, however, to the researchers’ surprise, some of these flaws have yet to be resolved. “Most of the apps we’ve reviewed are still displaying data at this point. Our latest investigation reveals a worrying reality, where application developers put at risk not only their data, but that of users themselves ”, says Aviran Hazum, manager of mobile research at Check Point Software.

Want to read GSMNigeria more news? See Related Posts below

Want to read GSMNigeria more news? See Related Posts below

Have an article/sponsored post to share? Whatsapp: +2348129656985.

Notify of
Inline Feedbacks
View all comments
Pin It