Some Android apps have exposed the data of 100 million users
A total of 23 Android apps, due to a configuration error in the cloud, exposed the data of over 100 million users, the Check Point security researchers discovered
(photo: Unsplash) The personal data of over 100 million Android users have been exposed by 23 applications due to some misconfiguration of the third-party cloud services they rely on. The discovery was made by Check Point security researchers who pointed out that these configuration errors also exposed internal developer resources, such as update mechanisms and data storage. "This misconfiguration of real-time databases is not new, but to our surprise, the scope of the problem is still too broad and affects millions of users," reads the report published by Check Point.During By investigating the contents of publicly available databases, security researchers were able to retrieve a lot of sensitive information belonging to users including email addresses, passwords, private chats, device location and user IDs. "If an attacker could gain access to this data, they could potentially use it to enact scrolling of the service (which occurs when trying to use the same username-password combination on other sites), perform fraud or identity theft, ”the researchers explain.
Check Point's experts were able to access the back-end databases of 13 applications and easily consult the content belonging to users. In some cases, the applications analyzed even exposed access keys that, if exploited, would have potentially allowed attackers to abuse push notifications on users' devices to display messages that could have led users to malicious websites preset to release. malware or phishing.
One of the apps analyzed by experts, Screen Recorder, on Google Play has over 10 million downloads, and allows users to store screen activities on a cloud service. The researchers found that it was possible to access cloud storage keys that allowed access to user screenshots. A serious security gap for an app that stores highly sensitive and private data.
Researchers have compiled a list of affected applications on the Check Point website to allow users to verify if their data has potentially been exposed and run for cover by uninstalling the app or installing the update with the security pathc.
Business - 8 hours ago
Ibm bets on artificial intelligence applied to language
adsJSCode ("nativeADV1", [[2,1]], "true", "1", "native", "read-more", "1"); Smartphone - May 20
Poco M3 Pro 5G, the cheapest 5G smartphone in Italy
adsJSCode ("nativeADV2", [[2,1]], "true", "2", "native", "read-more", "2"); Tech - May 19
The risks of a sieve smart city
Topics
Android Cybersecurity Privacy globalData.fldTopic = "Android, Cybersecurity, Privacy"
You may also be interested in
This opera is licensed under a Creative Commons Attribution-NonCommercial-NoDerivs 3.0 Unported License.
