While Google has made strides in recent years to make Android more secure, the open nature of the platform means it remains a vulnerable OS. Fragmentation, third-party app stores, and nefarious developers all lead to Android risks. According to new research, 23 mobile apps on the platform were leaking personal cloud information, affecting 100 million users.
As the world's most used computing platform, when Android security is compromised, it affects a massive number. This time, over 100 million users were caught up in problems with cloud configuration.
Check Point Research explains its team of security experts found chat messages, locations, photos, passwords, personal information, and emails from Android users available for anyone to see. Despite the app developers being informed by Check Point, only “a few” changed configurations to make the data private.
It's not just users at risk, the apps themselves are also exposed. Check Point found cloud-storage keys are also open in several Android apps. This means app functionality and internal resources are also exposed.
“Modern cloud-based solutions have become the new standard in the mobile application development world,” the company explains in a blog. “Services such as cloud-based storage, real-time databases, notification management, analytics and more are simply a click away from being integrated into applications. Yet, developers often overlook the security aspect of these services, their configuration, and of course, their content.”
Because of the complete data that is leaked, it would be fairly simple for threat actors to conduct attacks. For example, phishing attacks, using credentials for social engineering, identity theft, and fraud.
Attackers could access the information from real-time databases on 13 of the affected applications. Check Point says the popularity of the app differs from 10,000 downloads to over 10 million.
“This misconfiguration of real-time databases is not new, and continues to be widely common, affecting millions of users,” says the blog. “All [Check Point] researchers had to do was attempt to access the data. There was nothing in place to stop the unauthorized access from happening.”
Tip of the day: Do you know the built-in repair tools SFC and DISM of Windows 10? With many problems they can get you back on track without loosing data and using third-party programs. In out tutorial we show you how to use them.