Security researchers have discovered that some popular Android apps leaked the data of over 100 million users after developers failed to properly configure their third party cloud services.
News of the widespread data leak comes from a study of just 23 apps by cyber threat intelligence vendor Check Point Research (CPR).
Its research turned up all kinds of personal data including emails, chat messages, location, passwords and photos, which CPR argues could lead to identity-theft and fraud.
- These are the best antivirus apps for Android
- Also check our roundup of the best privacy apps for Android
- Shield yourself with these best identity theft protection services
The cybersecurity company says cloud services such as cloud storage, cloud databases, cloud analytics, and such have become an inherent part of a mobile application developers’ workflow, yet many refuse to follow security best practices when configuring them.
“Modern cloud-based solutions have become the new standard in the mobile application development world....Yet, developers often overlook the security aspect of these services, their configuration, and of course, their content,” says CPR.
Treasure-trove
CPR researchers note that it didn’t take them much effort to access sensitive data from real-time databases in thirteen Android apps, many of which have clocked millions of downloads.
More troubling is the fact that CPR found keys for push notifications and cloud storage embedded inside a number of Android apps themselves. If malicious attackers get hold of the push notification keys of an app, they can send malevolent content via notifications to users of the app.
Similarly, they were able to retrieve the cloud storage keys for some popular apps, which allowed them to view details that the users of the apps have entrusted to the app.
CPR has identified several apps, along with their security shortcomings, in their analysis, though they add that they approached both Google and the developers of the apps before sharing their findings.
“A few of the apps have changed their configuration,” shares CPR suggesting that many apps failed to mend their ways despite being warned.
- Protect your devices with these best antivirus software
