Examining the configuration of common Android apps, security researchers at CyberNews uncovered that 14 best Android apps with above 140 million collective installs are leaking delicate consumer information due to poor accessibility controls on their Firebase authentic-time database.
“Cellular app builders use Firebase real-time databases to keep consumer data, economic facts, and other kinds of delicate data. However, real-time databases are normally managed by builders with no security education, which can make them an easy focus on for malicious actors,” notes CyberNews.
We’re looking at how our audience use VPNs with streaming web sites like Netflix so we can enhance our material and give far better guidance. This survey will never choose additional than 60 seconds of your time, and we’d vastly value if you’d share your encounters with us.
According to the researchers, the misconfiguration enabled them to access the real-time databases and the information it houses about the users without being prompted for any kind of authentication.
Fire in the hole
CyberNews claims to have reached out to the developers of all fourteen apps, five of which have since secured access to their Firebase databases. However, since a majority of the developers didn’t respond to the researchers, CyberNews reached out to Google to solicit their help in getting the developers to fortify their databases.
“Unfortunately, Google has ignored our queries, and we have not heard from them since,” claims CyberNews, adding that the nine unsecured apps continue to leak data of their combined user base of over 30 million individuals.
“If you’re an app developer, always make sure to follow the official Firebase real-time database security guidelines provided by Google,” suggests CyberNews researcher Martynas Vareikis.