More than 4,000 Android apps reveal user information
According to TheHackerNew, the entire Android application uses Google's Firebase cloud service and it is unclear what causes the user's sensitive information to be exposed.
A survey conducted by security expert Bob Diachenko of Security Discovery in collaboration with Comparitech analyzed 15,735 Android applications (about 18% of the software available on the Play Store), uncovering the problem.
'4.8% of mobile apps use Google's Firebase cloud server service to store user information that is not fully secure, allowing anyone to access a repository of personal information user ID, token code as well as many other data without requiring passwords or authentication measures, 'said Comparitech representative.
The data and numbers revealed include email address (7 million), username (4.4 million), password (1 million), phone number (5.3 million), full name (18 , 3 million), messages (6.8 million), geolocation information (GPS - 6.2 million), IP address (156,000), residence address (560,000). All figures are listed at the 'minimum' level, which means the actual number will be even greater.
The number of software that has just been discovered is mainly games and applications in the category of Education, Entertainment and Business, with a total download and installation of 4.22 billion. Comparitech said that the ability of information of Android users to be exploited by at least one of the applications is very high in this case.
Along with 155,066 applications with publicly available data stores, the researchers also found 9,014 software with the right to overwrite, potentially exploiting hackers to insert malicious data and cause database damage, even distribute malware.
After being notified of the problem on April 22, Google immediately contacted and asked developers to resolve the issue.
Firebase, acquired by Google in 2014, is a popular mobile application platform, offering a variety of tools to help program developers build software, securely store data and associated files. View, correct errors, and even interact with users through the in-app chat feature.
This is not the first time the database containing Firebase user information has been exposed. Security experts at Appthority, Inc., discovered a similar case in 2018, with more than 100 million records of information leaked. Notably, Firebase is a cross-platform tool, so researchers also warn that the problem could affect iOS users as well as web-based applications.
Update 13 May 2020
You should read it
- Google raises data security with 2048 bit encryption
- Google reinforced Google Drive data protection encryption
- What is data encryption? Things to know about data encryption
- How to remove Adware Tracking Cookie when a computer is infected
- Top 20 best encryption software for Windows
- 5 popular encryption algorithms you should know
- Google was fined $ 17 million for tracking users on Safari
- Some common data security measures
- How to see everything Google knows about you?
- What is end-to-end encryption? How does it work?
- How to block Google from tracking you on an Android phone
- How to enable Full-Disk Encryption on Windows 10?
Maybe you are interested
Enable or disable Secure Boot via the ASUS UEFI BIOS utility How to temporarily lock the computer when entering the wrong password many times How to Add a Password to a .Bat File How to use ASCII characters to create strong passwords How to prevent DDoS attack with Nginx Techniques to exploit buffer overflows: Organize memory, stack, call functions, shellcode