According to a report by Check Point Research, many popular Android apps put your personal data at risk due to poorly secured third-party services.
The report highlights several different security flaws affecting 23 different apps available on Google Play, each with anywhere from 50,000 to 10 million downloads. Most of the offending apps collect and store user information, developer data, and internal company resources using unsecured real-time databases and cloud storage services. The security researchers were able to find the unsecured cloud databases from 13 apps, meaning outsider actors can also access them.
Other apps have improperly configured push notification managers, which hackers could use to intercept and modify seemingly legitimate notifications from the developers, seeding them with malware, phishing links, or misleading content.
These vulnerabilities put at least 100 million Android users at risk of fraud, identity theft, and malware attacks.
Check Point Research says it found one or more of these flaws in 23 apps, 13 of which had openly accessible real-time databases. However, the report only calls out five of these apps by name:
Astro Guru: A horoscope app with over 10 million downloads. It stores each user’s full name, date of birth, gender, GPS location, email address, and payment information.
iFax: A mobile faxing app that stores all documents sent by its 500,000-plus users in an accessible cloud database—with the cloud storage keys embedded in the app.
Logo Maker: A graphic design app with over 170,000 users. Check Point found that all users’ full names, account IDs, emails, and passwords are accessible.
Screen Recorder: This app has more than 10 million downloads. The report revealed it saves account passwords on the same cloud service that stores the recordings the app makes, leaving them vulnerable.
T’Leva: A taxi-hailing app from Angola with more than 50,000 downloads, this one leaves text history between drivers and riders, location data, full names, and phone numbers accessible.
Check Point says it notified the app creators, but only Astro Guru responded, and all of the apps are still available on Google Play.
The first step is to stop using the of the apps called out in Check Point Research’s report—but since only five are named, that means there are at least 18 others out there storing your data without the proper safeguards.
And that’s just what we know of from Check Point’s report—there are likely far more apps, websites, and services with misconfigured databases that we’ll never know about until after a leak.
While Check Point Research’s report and others like it can alert developers to insecure data storage practices, it’s ultimately up to the developers to fix the issue. However, users can take preventative measure to keep their personal info and other important data safe, no matter what apps they’re using:
Use two-factor authentication (2FA) whenever possible.
Withhold personal information from your accounts (don’t add your home address if a service doesn’t need it, for instance), or use fake info whenever possible.
Create unique passwords for every account and use an encrypted password manager.
Do not link third-party accounts like Google, Facebook, and Twitter if you can avoid it.
Keep app permissions to the bare minimum.
Use services that notify you of breaches and compromised accounts.
These extra steps won’t stop a breach, but they can mitigate your risk of identity theft, fraud, and other scams. We also have guides for preventing and responding to data breaches, ransomware attacks, malware, and identity theft, and how to spot common phishing tactics and other online scams.
[Threat Post]
Google just dropped the lightweight Gmail Go app on the Play Store, offering Android users two options for using Google’s email service on their devic
The Windows 10 May 2020 update made using Chrome a lot more difficult for some users—myself included. For months, people have reported unwanted sign-o
Apple has patched a peculiar issue with macOS Big Sur that previously allowed people to install the OS update even if they didn’t have enough space fo
Spotify is overhauling the “Your Library” section of its mobile app with a new layout, better search filters, and shortcut options that should make si
Entering virtual reality is fun, but it can also be productive: Lately, I’ve found it a fairly decent way to get in a quick workout. However, strappin
In the wake of the iPhone, iPad, and Mac, AirPods Pro have joined the ranks of Apple devices getting beta updates. Apple will now release regular beta
We love to joke that no one uses their smartphone to actually make calls in 2021. And even if that’s kind of true, we obviously need these devices to
As cool and convenient as wireless charging can be, boy is it slow. We’ve talked about how inefficient wireless charging is, especially compared to tr
We are a comprehensive and trusted information platform dedicated to delivering high-quality content across a wide range of topics, including society, technology, business, health, culture, and entertainment.
From breaking news to in-depth reports, we adhere to the principles of accuracy and diverse perspectives, helping readers find clarity and reliability in today’s fast-paced information landscape.
Our goal is to be a dependable source of knowledge for every reader—making information not only accessible but truly trustworthy. Looking ahead, we will continue to enhance our content and services, connecting the world and delivering value.
