PrivacyTech NewsTrending

About 4,000 Android Apps Exposes Customers Data: Misconfigured Database

Photo of Satender Kumar Satender KumarMay 13, 2020
0 575 1 minute read

Security researchers in the analysis found that more than 4,000 Android apps that are using Google cloud-hosted Firebase are unknowingly exposing users to sensitive information including usernames, passwords, full name, chat messages, and phone numbers.

Firebase is a mobile and web application development platform that was developed by Firebase in 2011 and acquired by Google in 2014. The platform helps third party developers by offering a variety of tools to build apps, securely store app data and files, engage with users through messaging features.

The security team that leads by Bob Diachenko from Security Discovery with Comparitech had examined over 515,735 Android apps from Play Store.

Android-database-exposed-firebase

More than 4,282 Android apps were leaking sensitive data, that is an estimate of 0.83% of all applications from Google Play leak sensitive data through Firebase.

Comparitech said

Firebase is a cross-platform tool used across several operating systems and platforms, researchers also said that the misconfiguration also impacts Android, IOS as well as web apps.

Firebase Exposed data 

The exposed data includes:

  • E-mail addresses: 7,000,000+
  • Usernames: 4,400,000+
  • Passwords: 1,000,000+
  • Phone numbers: 5,300,000+
  • Full Name: 18,300,000+
  • Chat messages: 6,800,000+
  • GPS data: 6,200,000+
  • IP addresses: 156,000+
  • Street addresses: 560,000+
firebase exposed databases

Researchers also found credit card numbers and photos of government-issued identification.

Scrubs exposed databases from search results

The researchers use Firebase’s REST API to access the stored database through the search by appending .json in the URL 

For example https://.firebaseio.com/.json

After analysing 11,730 publicly exposed databases researchers found that 9,014 databases also include write permissions which can allow unauthenticated attackers to modify, add and delete the whole database.

The exposed database could allow an attacker to:

  • Inject data into an application
  • Scam peoples through Phishing 
  • Spread malware
  • Corrupt database of the application 

After the investigation was completed Google was notified of the findings with detail report.

Guidelines to be followed by Developers:

Guidelines to be followed by Users

  • Never use the same passwords in multiple platforms 
  • Do not share sensitive information such as government ID, Social Security numbers, etc.
  • Use only trusted apps

Tags
Photo of Satender Kumar Satender KumarMay 13, 2020
0 575 1 minute read
Photo of Satender Kumar

Satender Kumar

A Blogger always fascinated with the technology and gather as much amount of knowledge from the internet. Loves to share the knowledge with the others and always available to play chess.

Related Articles

Photo of Snapchat Introduces a New Game to Bust Coronavirus Myths

Snapchat Introduces a New Game to Bust Coronavirus Myths

March 29, 2020
Photo of Samsung Galaxy S21+ Price and Specs Leaked

Samsung Galaxy S21+ Price and Specs Leaked

December 4, 2020
Photo of Twitter Wednesday Hack Updates | Hackers Downloaded Data of 8 Users

Twitter Wednesday Hack Updates | Hackers Downloaded Data of 8 Users

July 20, 2020
Photo of Top 5 cybercrimes predicted for 2020

Top 5 cybercrimes predicted for 2020

February 4, 2020

Leave a Reply

Check Also
Close
Back to top button
The Tech Infinite