The Google Play store offers millions of apps for free or for a small fee, and allows Android smartphone users to make the most of their devices. However, sometimes these Android applications can cause big problems for users because they leak personal information online.
Unlike malware, these applications are simply misconfigured, which means that their developers can fix the problem. Until they do, however, using these applications will have a very negative impact on users. According to a CyberNews report, a misconfiguration of Firebase caused 14 Android apps in the Play Store to leak user data, exposing private information online.
The Firebase platform is provided by Google so that developers can effortlessly add multiple features to their applications. The report points out that the affected applications are very popular and have been downloaded more than 140 million times. The researchers analyzed the 1,100 most popular apps in 55 categories in the Play Store, decompiling each application and searching it for traces of its default Firebase address.
“If the address is found, we will try to access it using the REST API provided by Google to check for database permissions configuration errors. All requests to the database are made using the ‘shallow=true’ parameter. This allows us to view the names of the tables stored in the database without accessing any data,” the report states. Because these applications did not configure Firebase properly, the report pointed out, user data may be leaked, including the account’s username, email address, and the user’s real name.
The report also claims that anyone who knows the URL can access these databases without authentication, and that the URL may also be found by guessing. The report stated that Google did not respond to attempts to contact it, so these apps may still be leaking data for anyone who installs them. According to CyberNews, this means that if you have installed the universal TV remote app, which has more than 100 million users, you should be aware that your personal data may be leaked.
The Child GPS watch application and phone tracker have been downloaded more than 10 million times, and they are also affected by the configuration errors. Users should also pay attention to Hybrid Warrior: Dungeon of the Overlord, Remote for Roku: Codematics and other applications, as they appear to have been affected by the security breaches.
News Source: HT Tech