Misconfigurations in multiple Android apps leaked sensitive data of more than 100 million users, potentially making them a lucrative target for malicious actors.
“By not following best-practices when configuring and integrating third-party cloud-services into applications, millions of users’ private data was exposed,” Check Point researchers said in an analysis published today and shared with The Hacker News.
“In some cases, this type of misuse only affects the users, however, the developers were also left vulnerable. The misconfigurations put users’ personal data and developer’s internal resources, such as access to update mechanisms, storage, and more at risk.”
The findings come from a study of 23 Android applications available in the official Google Play Store, some of which have downloads ranging from 10,000 to 10 million, such as Astro Guru, iFax, Logo Maker, Screen Recorder, and T’Leva.
According to Check Point, the issues stem from misconfigured real-time databases, push notifications, and cloud storage keys, resulting in the spillage of emails, phone numbers, chat messages, location, passwords, backups, browser histories, and photos.
By not securing the database behind…