Android apps exposed data of millions of users through cloud authentication failures
Check Point Research published a report on Thursday detailing Android apps that contain critical cloud misconfiguration that allow for the potential exposure of data belonging to 100 million users. The report states that 23 popular mobile apps contain a variety of misconfiguration of third-party cloud services, which are widely used by online services and apps today. Cloud services are useful when it comes to data management and storage, however, one slip-up in the configuration process can allow for data leak disasters. Apps tend to integrate with real-time databases to store and synchronize data, according to Check Point. The researchers found that the app developers failed to ensure that the authentication mechanisms were in place, resulting in the database being left unsecured.
The report identifies the affected Android apps, including a taxi app, logo maker, screen recorder, fax service, and astrology software. These apps leaked data such as email records, chat messages, location information, user IDs, passwords, and images. In 13 of the cases, this highly sensitive data was left publicly available in cloud setups. The apps boasted between 10,000 and 10 million downloads each, therefore affecting a huge number of individuals.