Beware! These Apps on Google Play Store Leaked User Data; Check
Millions of users who downloaded these Android apps from the Google Play Store may be affected by a data breach. Here's what all you need to know about.
The Google Play Store is home to millions of apps that are available for free or for a small fee, and it allows Android smartphone users to get the most out of their devices. However, sometimes these Android apps can cause big problems for users as they leak personal information online. Unlike in the case of malware, these applications are simply misconfigured, which means that developers can fix these problems. However, until they do, the use of these applications can have a very negative impact on users.
As per a Cyber News report, 14 Android apps from the Play Store have been leaking user data due to incorrect Firebase settings, causing private information to be leaked online. Google provides the Firebase platform so that developers can add various capabilities to their applications without much effort. The report claims that these apps were popular and have been downloaded more than 140 million times.
The researchers analyzed 1,100 of the most popular apps in 55 categories on the Play Store. These were analyzed by decompiling and searching each application for traces of its default Firebase address, "If the address was found, we checked for database permission misconfigurations by trying to access it using the REST API provided by Google. All requests to the databases were made with the "Shallow = True" argument. This allowed us to see the names of the tables stored on the databases without accessing any data," the report states.
Because applications did not configure Firebase correctly, the report indicates that user data could be leaked, including account usernames, email addresses, and a user's real name. The report also alleges that anyone who knows the URL to access these databases without authentication, something that would probably also work by guessing the URL. The report indicates that Google did not respond to attempts to communicate, so having these apps installed could mean that these apps are still leaking data.
This means that if you have the universal TV remote, which has been installed by more than 100 million users, you should be aware that your personal data may be leaked, according to the CyberNews report. Similarly, the Find My Kids: Child GPS Watch & Phone Tracker app has more than 10 million downloads, but has also been affected by incorrect settings, according to the report. Users should also be aware of Hybrid Warrior: Dungeon of the Overlord and Remote for Roku: Codematics, among other apps, as they appear to have been affected by the security flaw.