Security alert: Apps with 142.5M downloads caught leaking user details

October 4, 2021

By Kim Komando

There are thousands of apps available for Android devices, but not all are secure as they could be. Every time you download a new application, there is a slight possibility that it can put your data at risk. Tap or click here to see how 100 million users’ data got exposed through various misconfigurations.

And it’s not just unknown developers that leave something unpatched or vulnerable. There have been several instances where experienced companies put their users at risk. Whether through negligence or ignorance.

Now, a handful of apps have been caught leaking users’ information. Making matters worse is the popularity of the apps in question. They have been downloaded more than 142 million times.

Here’s the backstory

The CyberNews security team looked at the top Android apps on the Google Play Store and analyzed them for security flaws. What the team found were 14 apps that had been misconfigured through the Firebase platform.

The platform is owned by Google and is used to create mobile and web applications. It is the most used development tool for Android apps. It makes up the backbone of many apps, so if something isn’t configured the way it should be, it can lead to severe problems.

This is what the CyberNews team identified with 14 apps it analyzed. The platform for each app was configured in such a way that anybody with a bit of tech knowledge could access their real-time databases and all the user information stored. This was possible without any authentication.

The team alerted Google to the security issue and fixed the flaw for four of the apps immediately. NOTE: Google didn’t respond about the remaining apps, so the security researchers are withholding their names until they are safe.

The apps that have been fixed include:

What you can do about it

The flaw is a technical problem that can only be fixed with a patch by developers. Thus, there isn’t anything that you can do to fix the problem yourself.

The best course of action is to uninstall all the affected apps that might be on your phone. NOTE: We will update this article later once the list of bad apps is revealed. At that time, if any of the apps are not patched, delete them immediately.

To uninstall or delete apps on Android phones:

Keep reading

10M Android phones are open to a money-stealing attack

How to turn your Android into a mobile hotspot

https://www.komando.com/tips/software-and-apps/apps-caught-leaking-user-details/