Did this Android apps flaw expose your passwords? Many of these on Google Play Store
- These Android apps flaws have been found in over 19,000 apps including in lifestyle, workout, and gaming apps along with several email and food delivery apps.
Android apps flaw threat: The Avast Threat Labs researchers have discovered a new security flaw in more than 19,000 Android apps. It is said to put users' private data - including email addresses, date of birth, current location and passwords - at risk. Moreover, many of these apps are available to download via Google Play Store. For reference, the Play Store is supposed to keep Android phones safe and free from security issues and only give a place to secure apps. Plus, the Android apps flaw has been found in applications across a wide range.
These affected apps include services from lifestyle, workout, and gaming apps along with several email and food delivery applications. As per the researchers, this Android apps flaw is being caused by developers who create the apps misconfiguration something called the Firebase database. For the unaware, Firebase is a platform developed by Google. It helps users create mobile and web applications. However, it isn’t following Google’s best practices. Hence, leaving the data of those downloading apps vulnerable.
The researchers at Avast Labs looked at 180,300 publicly available Firebase instances. Out of these apps, they found over 10 percent (19,300) that were open, which exposed the data to unauthenticated developers. These Android apps were open due to misconfiguration by the app developers. “Each one of these open instances is a data breach event waiting to happen and can pose critical business, legal and regulatory risks if they happen. Potentially the personal information of over 10% of users of Firebase-based apps could be at risk,” explained Vladimir Martyanov, Malware Researcher at Avast.
The open instances put the data stored and used by the apps developed with Firebase at risk of theft. However, there is little consumers can do right now to protect themselves. “Today, any company has an app - shops, gyms, postal services, or even environmental and donation apps, built for convenience, and often with good causes in mind. Even more so businesses should insist on a responsible development of their apps, making security and privacy a key part of the entire app development process, not just as a later ‘bolt on.,” said the researchers.