Check Point experts discovered that just 23 Android apps are exposing the personal data of 100 million users because of misconfigurations. For example, developers often forget to password-protect their server databases, and they also leave tokens or access keys for cloud storage or push notifications in their application's source code.
As a result, having studied 23 completely random applications, the experts were able to access the internal databases of 13 of them. These databases contained email addresses, passwords, private chats, location coordinates, user IDs, screen recordings, social media credentials, and personal images.
While some applications did not directly disclose user data, Check Point claims that they leaked access keys that attackers could use to send push notifications to all users, for example to carry out highly effective phishing attacks.
“Imagine a news app sent its users a fake news notification that led to a phishing page. Since the notification was sent from the official app, users will consider it legitimate, sent by a news agency and not by hackers,” the researchers explain.