More than 4,000 Android apps reveal user information
According to TheHackerNew, the entire Android application uses Google's Firebase cloud service and it is unclear what causes the user's sensitive information to be exposed.
A survey conducted by security expert Bob Diachenko of Security Discovery in collaboration with Comparitech analyzed 15,735 Android applications (about 18% of the software available on the Play Store), uncovering the problem.
'4.8% of mobile apps use Google's Firebase cloud server service to store user information that is not fully secure, allowing anyone to access a repository of personal information user ID, token code as well as many other data without requiring passwords or authentication measures, 'said Comparitech representative.
The data and numbers revealed include email address (7 million), username (4.4 million), password (1 million), phone number (5.3 million), full name (18 , 3 million), messages (6.8 million), geolocation information (GPS - 6.2 million), IP address (156,000), residence address (560,000). All figures are listed at the 'minimum' level, which means the actual number will be even greater.
The number of software that has just been discovered is mainly games and applications in the category of Education, Entertainment and Business, with a total download and installation of 4.22 billion. Comparitech said that the ability of information of Android users to be exploited by at least one of the applications is very high in this case.
Along with 155,066 applications with publicly available data stores, the researchers also found 9,014 software with the right to overwrite, potentially exploiting hackers to insert malicious data and cause database damage, even distribute malware.
After being notified of the problem on April 22, Google immediately contacted and asked developers to resolve the issue.
Firebase, acquired by Google in 2014, is a popular mobile application platform, offering a variety of tools to help program developers build software, securely store data and associated files. View, correct errors, and even interact with users through the in-app chat feature.
This is not the first time the database containing Firebase user information has been exposed. Security experts at Appthority, Inc., discovered a similar case in 2018, with more than 100 million records of information leaked. Notably, Firebase is a cross-platform tool, so researchers also warn that the problem could affect iOS users as well as web-based applications.
4 ★ | 2 Vote
You should read it
- Google raises data security with 2048 bit encryption
- Google reinforced Google Drive data protection encryption
- What is data encryption? Things to know about data encryption
- How to remove Adware Tracking Cookie when a computer is infected
- Top 20 best encryption software for Windows
- 5 popular encryption algorithms you should know
- Google was fined $ 17 million for tracking users on Safari
- Some common data security measures
- How to see everything Google knows about you?
- What is end-to-end encryption? How does it work?
- How to block Google from tracking you on an Android phone
- How to enable Full-Disk Encryption on Windows 10?
Maybe you are interested
More than 200 apps containing malicious code were discovered and downloaded millions of times on the Google Play Store.
Inside the Nuclear Shelter That Stores Over $100 Million in Bitcoin
A dangerous vulnerability that has existed for 18 years threatens millions of AMD Ryzen and EPYC CPUs
Detecting software vulnerabilities Samsung can be rewarded with 1 million USD
950 million users should update the Telegram app immediately
Listen to the scary sound of a black hole 250 million light years from Earth announced by NASA