Category: Google|May 23, 2021 | Author: Admin

Personal data of over 100 million Android users has been leaked

Share on

Incorrectly configured cloud services are blamed when it turns out that over 100 million Android users have had their data spread for all to see.

Android.jpeg

Many sinners
It was security researchers from Check Point who revealed that the personal data of more than 100 million Android users has been exposed to the open internet as a result of incorrectly configured cloud services, there is talk of a selection of services and various reasons for the leak.

 

The data was found in unprotected real-time databases used by 23 apps with download numbers ranging from 10,000 to 10,000,000.

 

Over a dozen evildoers
The revelation shows that an alarming number of Android developers do not follow basic procedures to ensure that the apps' databases are adequately secured. The number of mobile apps that have configuration errors in databases shows that this problem is very widespread and can be easily exploited by those with malicious intent.

 

Real-time databases are used to store data in the cloud and synchronize it with connected clients (app users) in real-time. The researchers from Check Point found several databases that were unprotected so that anyone could access personal information, some of it considered sensitive, belonging to more than 100 million users.

 

 

Of the total of 23 apps that Check Point analyzed, more than a dozen of these have 10 million installations or more, most of them had their real-time databases configured incorrectly and thus exposed personal information about users to the outside world.

 

The data the researchers found included name, email, date of birth, messages, locations, gender, password, photos, payment details, phone number, and received push messages. Of all the apps that were examined, the researchers found that there were a dozen apps that were the worst, and several of the apps that exposed this type of information are available in Google Play and have more than 10 million installations, examples of which are Screen Recorder, Logo Maker and Astro Guru.

 

 

Revealed security keys
The research group also found a group of apps that had security keys built into the app itself, in one of the apps they even found access details to Push services hard-coded.

 

One of the worst, Screen Recorder, which also has 10 million installations, so researchers found access details for the cloud storage the app used. These access details could potentially allow attackers to access screenshots from app users. The same also applied to the iFax app, whereby using the access details you could see documents and faxes belonging to more than half a million users.

 

Security through obscurity
Through the research at Check Point, the researchers found that some developers used base64 encryption of security keys that do not really provide any kind of security as decoding of the keys is not protected.

 

Even if the application does not store keys in clear text, all that is needed is to find the part of the code that initializes access to cloud services, which mostly receives the keys as parameters, and follows their values. Eventually, if the keys are coded into the app, we will receive the value in them, writes Check Point.

 

Have you used any of the apps that Check Point has checked out?

Sponsored Ads:

Comments:


Project-Taara-1155x770.webp

Sent 700tb over 4 km of laser technology

Category: IT|Sep 18, 2021 | Author: Admin
Fiber.jpg

'Massive' transatlantic data cable landed on beach in Bude

Category: Google|Sep 17, 2021 | Author: Admin
Discord.png

YouTube shuts down Discord music bot ‘Rythm’

Category: Google|Sep 16, 2021 | Author: Admin
Facebook.webp

Facebook's secret rules differentiate between the "elite" and most people

Category: General|Sep 15, 2021 | Author: Admin
Apple.webp

Apple suddenly had to crisis-update the iPhone and Mac

Category: Apple|Sep 14, 2021 | Author: Admin
Epic.webp

Epic is blocked forever on all Apple platforms

Category: Apple|Sep 13, 2021 | Author: Admin
Desktop-Screenshot.png

NVIDIA To Launch GeForce RTX 30 SUPER ‘Ampere Refresh’ In January 2022, GeForce RTX 40 ‘Ada Lovelace’ GPUs in October 2022

Category: General|Sep 12, 2021 | Author: Admin
chrome-os-secret-weapon-100856418-large.jpg

3 smart shortcuts for a curiously hidden Chrome OS command

Category: Google|Sep 11, 2021 | Author: Admin
sunset-gold-iphone-13-render.png

iPhone 13 unveiled in Ukraine

Category: Apple|Sep 10, 2021 | Author: Admin
iCloud.jpg

Apple brings iCloud passwords to Windows, Microsoft's Edge

Category: Apple|Sep 9, 2021 | Author: Admin
AI.webp

AI will determine if you are allowed to drive

Category: General|Sep 8, 2021 | Author: Admin
TPM.png

The game is now blocking unsupported Windows 11 machines

Category: IT|Sep 7, 2021 | Author: Admin
Tech.png

US court rejects patent applications from AIs

Category: General|Sep 6, 2021 | Author: Admin
black.png

Facebook apologizes: their AI tagged video of black men as 'Primates'

Category: General|Sep 5, 2021 | Author: Admin
Apple.png

Apple postpones abuse monitoring after massive criticism

Category: Apple|Sep 4, 2021 | Author: Admin
more