This Android browser might have leaked the details of millions of users
As many as five million users could have had data compromized
A popular Android browser app with more than five million downloads on the Google Play Store may have been leaking user data including browser history, experts have claimed.
Cybernews says it discovered that the ‘Web Explorer - Fast Internet’ app had left its Firebase instance open - a mobile application development platform that’s designed to assist with analytics, hosting, and cloud storage.
At risk is five days’ worth of redirect data, including country, direct initiating address, redirect destination address, and user country, all presented by user ID.
Android Web Explorer data leak
Cybernews senior journalist Vilius Petkauskas, explains that getting their hands on this data alone may not be enough to give threat actors what they seek, however cross-referencing it with additional details could prove harmful.
The app was also found to be hardcoding on the client side, including keys relating to anonymized partial user browsing history, unique public identifiers, and a cross-server communication enabler.
“If threat actors could de-anonymize the app’s users, they would be able to check a bunch of information on browsing history for a specific user and use it for extortion,” CyberNews noted.
It has since been discovered that the open Firebase instance has been closed and is no longer accessible, which means that threat actors can no longer access sensitive data. However, it’s not all good news: Cybernews reached out to the app’s team about its findings, but it’s yet to receive a reply.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Further digging also uncovers that the app was last updated in October 2020, meaning that the hardcoded ‘secrets’ are likely still there. The researchers write: “...we can only guess what other information could be leaking through the application’s secrets”.
- Secure your data with the best ID theft protection
With several years’ experience freelancing in tech and automotive circles, Craig’s specific interests lie in technology that is designed to better our lives, including AI and ML, productivity aids, and smart fitness. He is also passionate about cars and the decarbonisation of personal transportation. As an avid bargain-hunter, you can be sure that any deal Craig finds is top value!