Misconfigured Android apps are leaking user data

Check Point experts discovered that just 23 Android apps are exposing the personal data of 100 million users due to misconfigurations. For example, developers often forget to password-protect their server databases, and they also leave tokens or access keys for cloud storage or push notifications in their application's source code.

As a result, having studied 23 completely random applications, the experts were able to access the internal databases of 13 of them. These databases contained email addresses, passwords, private chats, location coordinates, user IDs, screen recordings, social media credentials, and personal images.

While some applications did not directly disclose user data, Check Point claims that they leaked access keys that attackers could use to send push notifications to all users, for example as part of highly effective phishing attacks.

“Imagine a news app sent its users a fake news notification that led to a phishing page. Since the notification was sent from the official app, users will consider it legitimate, sent by a news agency and not by hackers,” the researchers explain.

The company’s specialists shared the names of only 5 out of 23 studied applications: Logo Maker, Astro Guru, T’Leva, Screen Recorder and iFax.
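
A pre-release check for the hardcoded keys described above, as an added example that is not from Check Point's research or any of the named apps: it scans app sources and resources for embedded cloud-storage and push-notification credentials. The key formats (AWS access key ID, legacy FCM server key), the file names and every sample value are assumptions constructed for illustration.

```python
import math
import re
from collections import Counter

# Widely documented key formats, chosen for this example (assumption: the
# article does not name the providers whose keys were exposed).
RULES = {
    "aws-access-key-id": re.compile(r"(?<![0-9A-Z])(?:AKIA|ASIA)[0-9A-Z]{16}(?![0-9A-Z])"),
    "fcm-legacy-server-key": re.compile(r"AAAA[0-9A-Za-z_-]{7}:[0-9A-Za-z_-]{140}"),
}
# Fallback: a secret-looking name followed by a long literal, as a Java/Kotlin
# assignment or as the body of an Android <string> resource.
GENERIC = re.compile(
    r"(?i)(?:secret|token|api_?key|passw(?:or)?d)\w*\"?\s*[=:>]\s*\"?([0-9A-Za-z+/_=-]{16,})")

def entropy(s):
    """Shannon entropy in bits per character; random keys score high."""
    return -sum(n / len(s) * math.log2(n / len(s)) for n in Counter(s).values())

def redact(value):
    """Keep enough to locate the secret without copying it into reports."""
    return f"{value[:4]}...({len(value)} chars)"

def scan(files, min_entropy=3.5):
    """files maps path -> text; returns sorted (path, line, rule, redacted)."""
    findings = set()
    for path, text in files.items():
        for no, line in enumerate(text.splitlines(), 1):
            for rule, rx in RULES.items():
                findings.update((path, no, rule, redact(m.group(0))) for m in rx.finditer(line))
            for m in GENERIC.finditer(line):
                value = m.group(1)
                # Skip values a specific rule already reported and low-entropy placeholders.
                if not any(rx.search(value) for rx in RULES.values()) and entropy(value) >= min_entropy:
                    findings.add((path, no, "generic-secret", redact(value)))
    return sorted(findings)

# Constructed sample inputs: fake values in the right shape, not real credentials.
FAKE_FCM = "AAAAabcdefg:APA91b" + "x1Y2z3" * 22 + "Qr"
SAMPLE = {
    "res/values/strings.xml":
        f'<string name="push_server_key">{FAKE_FCM}</string>\n'
        '<string name="password_hint">Enter your password</string>\n',
    "src/Storage.kt":
        'val accessKey = "AKIAABCDEFGHIJKLMNOP"\n'
        'val uploadToken = "q9Zt3LmX7vB2nR8kPw5sHd1c"\n'
        'val api_key = "aaaaaaaaaaaaaaaaaaaaaaaa"\n',
}

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(*finding)
```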
