Android: 14 popular apps leak users’ personal data
According to a disturbing new report from CyberNews, 14 famous apps on Android do not protect their users’ personal data well enough, which could be easily retrieved by hackers.
CyberNews reports that after analyzing the configuration of a thousand most popular Android apps, 14 of them would have leaked sensitive data about their users due to insufficient access controls on their Firebase real-time database. The exposed data potentially includes user names, emails, usernames, and more.
However, these applications have accumulated a total of 142.5 million downloads from the Google Play Store. Even the most popular applications are not necessarily the most secure, since we had already seen this year a massive data leak of 500 million users at LinkedIn, or 2.8 billion users affected by the leak of their personal data at Facebook.
Protecting your personal data is increasingly difficult
Cybernews did not share the name of any applications that were affected by the privacy issues related to the misconfiguration of Firebase, but this proves that despite their popularity, your personal data is not necessarily safe. It is therefore more than more difficult to be sure that your personal data is well protected. We can for example quote Universal TV Remote Control, Remote for Roku: Codematics, Hybrid Warrior: Dungeon of the Overlord or Find My Kids: Child Cell Phone Location Tracker.
For those who don’t know, Firebase is a mobile app development platform that offers a host of useful features, including real-time analytics, hosting, and cloud storage. This platform is used every month by more than 2.5 million applications, therefore it is likely that applications that you use on a daily basis are also prone to personal data leaks.
Android users aren’t the only ones affected by these privacy concerns, since some iOS applications at Apple could also be impacted by these bad configurations of Firebase. Since the CyberNews survey, only 4 apps fixed security issues, but 9 of them did not respond to the site’s warnings.