Alert! 14 apps on Google Play Store leaked users' data; Check names
The Google Play Store is home to millions of apps that are available for free, or for a small fee, and allows Android smartphone users to make the most of their devices. However, sometimes these Android apps can cause big problems for users as they leak personal information online. Unlike the case of malware, these apps are simply misconfigured, which means that the developers can fix these issues. However, until they do so, using these apps can have a very negative impact on users.
According to a report by CyberNews, 14 Android apps from the Play Store have been leaking user data due to a Firebase misconfiguration that exposes private information online. The Firebase platform is provided by Google so that developers can add several capabilities to their apps without much effort. The report states that these apps were popular and have been downloaded over 140 million times.
The researchers analysed 1,100 of the most popular apps across 55 categories on the Play Store. These were analysed by decompiling and searching each app for traces of their default Firebase address. “If the address was found, we checked for database permission misconfigurations by trying to access it using the REST API provided by Google. All requests to the databases were made with the “Shallow = True” argument. This allowed us to see the names of the tables stored on the databases without accessing any data,” the report states.
Because the apps had not configured Firebase properly, the report states, user data could be leaked, including account usernames, email addresses and users' real names. The report also alleges that anyone who knows the URL can access these databases without authentication, something that would also likely work by guessing the URL. The report states that Google did not respond to attempts to reach out, so having these apps installed could mean data is still being leaked.
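For developers, the permission misconfiguration described above is set in the Firebase Realtime Database security rules file. The sketch below is an added example, not code from the CyberNews report or from Firebase: it audits an exported rules file offline for `.read`/`.write` rules that do not require sign-in, and the sample rules and the function names `classify` and `audit` are constructed for illustration.

```python
import json

PUBLIC = "public: granted to everyone, signed in or not"
NO_AUTH = "condition never references auth"

# Constructed sample rules (not taken from the report or any named app).
WEAK_RULES = json.loads("""
{"rules": {".read": true, ".write": "true",
  "users": {"$uid": {".read": "auth != null && auth.uid === $uid"}}}}
""")
HARDENED_RULES = json.loads("""
{"rules": {"users": {"$uid": {
  ".read":  "auth != null && auth.uid === $uid",
  ".write": "auth != null && auth.uid === $uid"}}}}
""")

def classify(expr):
    """Heuristic: label a .read/.write rule that does not depend on sign-in."""
    if expr is True or (isinstance(expr, str) and expr.strip() == "true"):
        return PUBLIC
    if isinstance(expr, str) and expr.strip() != "false" and "auth" not in expr:
        return NO_AUTH
    return None

def audit(rules):
    """Return sorted (path, op, finding) tuples for a parsed rules file."""
    findings = []

    def walk(node, path, inherited):
        granted = dict(inherited)  # op -> ancestor path that already grants it
        for op in (".read", ".write"):
            if op not in node:
                continue
            finding = classify(node[op])
            if op in granted:
                # Rules cascade: a grant higher up cannot be revoked below it.
                findings.append((path, op, "shadowed by open rule at " + granted[op]))
            elif finding:
                findings.append((path, op, finding))
                if finding == PUBLIC:
                    granted[op] = path
        for key, child in node.items():
            if isinstance(child, dict) and not key.startswith("."):
                walk(child, path.rstrip("/") + "/" + key, granted)

    walk(rules.get("rules", {}), "/", {})
    return sorted(findings)

if __name__ == "__main__":
    for label, rules in (("weak", WEAK_RULES), ("hardened", HARDENED_RULES)):
        print(label, audit(rules) or "no open rules found")
```

In the weak sample, the per-user rule under `/users/$uid` looks restrictive but protects nothing, because the root rule has already granted read access to everything beneath it.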
This means that if you have the Universal TV Remote Control, which over 100 million users have installed, you should be aware that your personal data can be leaked, according to the CyberNews report. Similarly, the Find My Kids: Child GPS watch app & Phone Tracker has over 10 million downloads but has also been affected by misconfiguration, according to the report. Users should also be aware of Hybrid Warrior: Dungeon of the Overlord and Remote for Roku: Codematics among other apps as they appear to have been affected by the security flaw.