Analyzing the configuration of popular Android apps, security researchers at CyberNews found that 14 top Android apps with over 140 million collective installs are leaking sensitive user data due to improper access controls on their Firebase real-time database.
“Mobile app developers use Firebase real-time databases to store user records, financial information, and other kinds of sensitive data. Unfortunately, real-time databases are often managed by developers with no security training, which makes them an easy target for malicious actors,” notes CyberNews.
We're looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won't take more than 60 seconds of your time, and we'd hugely appreciate if you'd share your experiences with us.
- Shield yourself with these best identity theft protection services
- We've put together a list of the best endpoint protection software
- These are the best malware removal software on the market
According to the researchers, the misconfiguration enabled them to access the real-time databases and the information it houses about the users without being prompted for any kind of authentication.
Fire in the hole
CyberNews claims to have reached out to the developers of all fourteen apps, five of which have since secured access to their Firebase databases. However, since a majority of the developers didn’t respond to the researchers, CyberNews reached out to Google to solicit their help in getting the developers to fortify their databases.
“Unfortunately, Google has ignored our queries, and we have not heard from them since,” claims CyberNews, adding that the nine unsecured apps continue to leak data of their combined user base of over 30 million individuals.
“If you’re an app developer, always make sure to follow the official Firebase real-time database security guidelines provided by Google,” suggests CyberNews researcher Martynas Vareikis.
- Protect your devices with these best antivirus software