Personal data of over 100 million Android users exposed by mobile app developers: Report
Researchers not only put users’ data at risk, but they also left their own data exposed to hackers.
Personal data of over 100 million Android users have been exposed owing to the misconfiguration of third-party cloud services by mobile app developers. The personal data exposed due to this misconfiguration includes emails, chat messages, location, passwords, and photos.
Researchers at CheckPoint Research recently analysed the data of 23 Android apps with the number of downloads per app ranging between 10,000 and 10 million. In their analysis, the researchers discovered that in the last few months many app developers have left data of millions of users’ private information exposed simply by not following best practices when configuring and integrating third party cloud-services into their applications.
As per their analysis, the researchers not only put users’ data at risk, but they also left their own data exposed. This includes developers’ internal resources, such as access to update mechanisms, storage, and more, at risk.
Some of the top Android apps that the researchers found with this misconfiguration include Logo Maker, Astro Guru, T’Leva. CPR researchers also found out that Astro Guru put details such as name, date of birth, gender, location, email, and payment details of its users at risk, while taxi app T’Leva put information such as full names, phone numbers, and locations (destination and pick-up) of over 50,000 users at risk. The data of other apps such as Screen Recorder and iFax too are at risk.
Researchers caution that if a malicious actor gains access to this data, it could potentially lead to service swipes, fraud, or even identity theft.
The good news is that CPR has already notified Google about these apps and some of the apps have also changed their configuration to make their and their users’ data safe.