If you use any of these Android apps, your personal data may be exposed

May 22nd, 2021 at 9:01 AM
Android apps

Here we go again — more than 100 million users of almost two dozen Android apps have had their personal data exposed, according to new research from a cybersecurity firm that says it discovered the problem stemmed from the way developers misuse third-party cloud services.

The team at Check Point Research published a report that revealed specific examples of vulnerable applications, including astrology, taxi, screen recording, and fax mobile apps. Among other things, CPR found publicly available sensitive data from real-time databases connected to several Android apps that had garnered between 10,000 and 10 million installations. The personal data included emails, chat messages, passwords, and photos, among other things, and CPR also found push notification and cloud storage keys embedded in many Android apps themselves.


“A real-time database is one that works on live and constantly changing data, rather than persistent data that is stored on a disc,” CPR explained in an email about the findings. “App developers depend on real-time databases to store data on the cloud … If a malicious actor gains access to the sensitive data extracted by CPR, it would potentially lead to fraud, identity-theft and service-swipe, which is trying to use the same username-password combination on other services.”

As you can see, with mobile applications having become such a ubiquitous part of our lives, it’s not just the apps themselves that need to be secure. Developers also need to stop overlooking the security aspect associated with services that are also part and parcel of mobile apps, such as cloud-based storage, real-time databases, analytics, and notification management.

Examples of Android apps that CPR cited in this new report are Astro Guru, T’Leva, and Logo Maker. T’Leva, a taxi app, was found to have garnered 50,000 downloads, while the other two — Astro Guru, an astrology app, and Logo Maker, a graphic design app — reached 10 million downloads. The report identified the following data as exposed by each app:

  • Astro Guru: Name, date of birth, gender, location, email and payment details
  • T’Leva: Chat messages between drivers and passengers, plus users’ full names, phone numbers, and locations (destination and pick-up)
  • Logo Maker: Email, password, username, user-ID

“Most of the apps we took a look at are still exposing the data now,” said Check Point Software manager of mobile research Aviran Hazum. “Data gathering, especially by a malicious actor, is very serious. Ultimately, victims become vulnerable to many different attack vectors, such as impersonations, identity theft, phishing and service swipes. Our latest research sheds light on a disturbing reality where application developers place not only their data, but their private users’ data at risk.

“By not following best-practices when configuring and integrating third party cloud-services into applications, tens of millions of users’ private data has been exposed.”

The whole report is worth a read here. “This misconfiguration of real-time databases is not new,” it continues, “but to our surprise, the scope of the issue is still far too broad and affects millions of users. All our researchers had to do was attempt to access the data. There was nothing in place to stop the unauthorized access from being processed.”
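
The misconfiguration described above can be checked from the developer's side before release. The following is an added example, not code from the article or the CPR report: it audits a database rules document for access granted without authentication. It assumes the Firebase Realtime Database rules format (the article does not name a product), and both rule sets are constructed samples.

```python
import json

# Constructed sample rules (assumed Firebase Realtime Database rules format).
WEAK_RULES = json.loads("""
{"rules": {
  ".read": true,
  "chats": {".write": "true"},
  "users": {"$uid": {".read": "auth != null && auth.uid == $uid",
                     ".write": "auth != null && auth.uid == $uid"}}
}}
""")

HARDENED_RULES = json.loads("""
{"rules": {
  "chats": {"$ride": {".read": "auth != null", ".write": "auth != null"}},
  "users": {"$uid": {".read": "auth != null && auth.uid == $uid",
                     ".write": "auth != null && auth.uid == $uid"}}
}}
""")


def _is_unconditional(expr):
    """True when a rule grants access without checking who the caller is."""
    if isinstance(expr, bool):
        return expr
    return isinstance(expr, str) and expr.strip() == "true"


def audit_rules(rules_doc):
    """Return sorted (path, operation, issue) findings for a rules document."""
    findings = []

    def walk(node, path, inherited):
        public_here = set(inherited)
        for op in (".read", ".write"):
            if op not in node:
                continue
            if _is_unconditional(node[op]):
                public_here.add(op)
                findings.append((path or "/", op, "public"))
            elif op in inherited:
                # Grants cascade downward: a stricter child rule cannot revoke them.
                findings.append((path or "/", op, "overridden-by-public-parent"))
        for key, value in node.items():
            if isinstance(value, dict):
                walk(value, f"{path}/{key}", public_here)

    walk(rules_doc.get("rules", {}), "", frozenset())
    return sorted(findings)
```

Run against the weak sample, the audit also reports the per-user read rule as ineffective, because the public read at the root already covers every path beneath it.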


Andy is a reporter in Memphis who also contributes to outlets like Fast Company and The Guardian. When he’s not writing about technology, he can be found hunched protectively over his burgeoning collection of vinyl, as well as nursing his Whovianism and bingeing on a variety of TV shows you probably don’t like.



