More than 4,000 Android apps reveal user information

According to TheHackerNew, the entire Android application uses Google's Firebase cloud service and it is unclear what causes the user's sensitive information to be exposed.

A survey conducted by security expert Bob Diachenko of Security Discovery in collaboration with Comparitech analyzed 15,735 Android applications (about 18% of the software available on the Play Store), uncovering the problem.

'4.8% of mobile apps use Google's Firebase cloud server service to store user information that is not fully secure, allowing anyone to access a repository of personal information user ID, token code as well as many other data without requiring passwords or authentication measures, 'said Comparitech representative.

The data and numbers revealed include email address (7 million), username (4.4 million), password (1 million), phone number (5.3 million), full name (18 , 3 million), messages (6.8 million), geolocation information (GPS - 6.2 million), IP address (156,000), residence address (560,000). All figures are listed at the 'minimum' level, which means the actual number will be even greater.

The number of software that has just been discovered is mainly games and applications in the category of Education, Entertainment and Business, with a total download and installation of 4.22 billion. Comparitech said that the ability of information of Android users to be exploited by at least one of the applications is very high in this case.

Along with 155,066 applications with publicly available data stores, the researchers also found 9,014 software with the right to overwrite, potentially exploiting hackers to insert malicious data and cause database damage, even distribute malware.

After being notified of the problem on April 22, Google immediately contacted and asked developers to resolve the issue.

Firebase, acquired by Google in 2014, is a popular mobile application platform, offering a variety of tools to help program developers build software, securely store data and associated files. View, correct errors, and even interact with users through the in-app chat feature.

This is not the first time the database containing Firebase user information has been exposed. Security experts at Appthority, Inc., discovered a similar case in 2018, with more than 100 million records of information leaked. Notably, Firebase is a cross-platform tool, so researchers also warn that the problem could affect iOS users as well as web-based applications.