Skip to main content

Popular Android apps are leaking user data online

Data leak
(Image credit: Shutterstock/dalebor)

Over a dozen top Android apps listed on the Google Play Store were found to be leaking user data, according to a cybersecurity investigation.

Analyzing the configuration of popular Android apps, security researchers at CyberNews found that 14 top Android apps with over 140 million collective installs are leaking sensitive user data due to improper access controls on their Firebase real-time database.

Mobile app developers use Firebase real-time databases to store user records, financial information, and other kinds of sensitive data. Unfortunately, real-time databases are often managed by developers with no security training, which makes them an easy target for malicious actors,” notes CyberNews.

TechRadar needs you!

We're looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won't take more than 60 seconds of your time, and we'd hugely appreciate if you'd share your experiences with us.

>> Click here to start the survey in a new window <<

According to the researchers, the misconfiguration enabled them to access the real-time databases and the information it houses about the users without being prompted for any kind of authentication.

Fire in the hole

CyberNews claims to have reached out to the developers of all fourteen apps, five of which have since secured access to their Firebase databases. However, since a majority of the developers didn’t respond to the researchers, CyberNews reached out to Google to solicit their help in getting the developers to fortify their databases.

“Unfortunately, Google has ignored our queries, and we have not heard from them since,” claims CyberNews, adding that the nine unsecured apps continue to leak data of their combined user base of over 30 million individuals.

“If you’re an app developer, always make sure to follow the official Firebase real-time database security guidelines provided by Google,” suggests CyberNews researcher Martynas Vareikis.

Mayank Sharma

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.