In the latest reports, it was found that the data of over 100 million Android users was critically exposed as a result of misconfiguration of third-party cloud services in numerous Android apps.
Android apps jeopardized data of millions:
Security experts from Check Point Research have reported the shocking revelation of massive user-data compromises in several Android apps.
According to Check Point, the researchers studied and analyzed the data of 23 Android apps and discovered that these applications left the data of millions of Android users heavily jeopardized or exposed attributing to the poor use of best security practices in these apps.
To protect user data, it is extremely vital that app developers give utmost priority to privacy and security while configuring and integrating third-party cloud services into the apps.
Reportedly, the apps that were taken up for the analysis were ranging from 10 million to 10000 downloads per app, meaning that the analysis was considered for some of the most downloaded to least downloaded Android apps.
The data that was compromised consisted of sensitive information like emails, chat messages, location, passwords, and photos.
While it is concerning that such sensitive information was directly exposed for threat actors to deploy cyber threat attacks, the developer data, such as internal resources, such as access to update mechanisms, storage, etc was also equally exposed, as was detected in the security analysis.
Prominent apps follow suit:
Some of the top Android apps that the researchers found with the misconfigurations include Logo Maker, Astro Guru, T’Leva. Check Point researchers also detected out that apps like Astro Guru heavily jeopardized user data such as user ID, date of birth, gender, location, email, and payment details.
Taxi app T’Leva also put data such as user IDs, phone numbers, and locations (destination and pick-up) of over 50,000 users at risk. The data of other apps such as Screen Recorder and iFax too are at risk.
According to the security research firm, Google has been notified regarding the massive user data compromise owing to these misconfigured apps while subsequently, some of the apps have already enhanced the configuration and security measures.