This Android browser might have leaked the details of millions of users

data privacy
(Image credit: Shutterstock / Zeeker2526)

A popular Android browser app with more than five million downloads on the Google Play Store may have been leaking user data including browser history, experts have claimed.

Cybernews says it discovered that the ‘Web Explorer - Fast Internet’ app had left its Firebase instance open - a mobile application development platform that’s designed to assist with analytics, hosting, and cloud storage

At risk is five days’ worth of redirect data, including country, direct initiating address, redirect destination address, and user country, all presented by user ID.

Android Web Explorer data leak

Cybernews senior journalist Vilius Petkauskas, explains that getting their hands on this data alone may not be enough to give threat actors what they seek, however cross-referencing it with additional details could prove harmful.

The app was also found to be hardcoding on the client side, including keys relating to anonymized partial user browsing history, unique public identifiers, and a cross-server communication enabler.

“If threat actors could de-anonymize the app’s users, they would be able to check a bunch of information on browsing history for a specific user and use it for extortion,” CyberNews noted.

It has since been discovered that the open Firebase instance has been closed and is no longer accessible, which means that threat actors can no longer access sensitive data. However, it’s not all good news: Cybernews reached out to the app’s team about its findings, but it’s yet to receive a reply.

Further digging also uncovers that the app was last updated in October 2020, meaning that the hardcoded ‘secrets’ are likely still there. The researchers write: “...we can only guess what other information could be leaking through the application’s secrets”.

Craig Hale

With several years’ experience freelancing in tech and automotive circles, Craig’s specific interests lie in technology that is designed to better our lives, including AI and ML, productivity aids, and smart fitness. He is also passionate about cars and the decarbonisation of personal transportation. As an avid bargain-hunter, you can be sure that any deal Craig finds is top value!

Read more
Stalkerware
New spyware found to be snooping on thousands of Android and iOS users
Spyware
Stalkerware data breach potentially hits over 2 million users, including thousands of Apple devices
An Android phone being held in the hand
These malicious Android apps were installed over 60 million times - here's how to stay safe
Cartoon Phishing
One of the largest data leaks ever sees info on 1.5 billion people leaked online
Kaspersky Report on Stalkerware
Security flaw in popular stalkerware apps is exposing phone data of millions
Data breach
Privacy of millions worldwide compromised as huge data location broker got hacked
Latest in Phone & Communications
GlocalMe KeyTracker
When I tested this global tracker, it trounced the Apple AirTag in so many ways
Privacy Hero II
Privacy Hero II VPN Router
ThinkPhone 25 by Motorola
I reviewed the ThinkPhone 25 by Motorola and while it's not as fast as its predecessor, it's the superior phone in so many ways
FRITZ!Box 7690 WiFi 7 Router
FRITZ!Box 7690 router review
Ulefone Armor Pad 4 Ultra Thermal
Ulefone Armor Pad 4 Ultra Thermal rugged tablet review
Unihertz Tank Pad 8849
Unihertz Tank Pad 8849 rugged tablet review
Latest in News
Microsoft Surface Laptop and Surface Pro devices on a table.
Hate Windows 11’s search? Microsoft is fixing it with AI, and that almost makes me want to buy a Copilot+ PC
Oura Ring 4
Activity tracking on Oura Ring is about to get a whole lot better, but I've got bad news about your step count
Google Maps on a phone being held in someone's hand
Google Maps is getting two key upgrades, for easier route planning and quicker access to Gemini AI
URL phishing
HaveIBeenPwned owner suffers phishing attack that stole his Mailchimp mailing list
Gemini on a smartphone.
Gemini 2.5 is now available for Advanced users and it seriously improves Google’s AI reasoning
Ransomware
Cl0p resurgence drives ransomware attacks to new highs in 2025