21 May 21, 11:29
Quote: More than 100 million Android users are at risk after 23 different mobile apps were found to leak personal data in the wake of rampant cloud misconfigurations.
That’s according to Check Point Research, whose researchers found that emails, chat messages, location data, passwords, photos, personal data and more were all available to anyone with an internet connection. Worryingly, after being contacted by the firm, only “a few” of the apps have changed their settings to make the information private.
Researchers also found push-notification and cloud-storage keys embedded in a number of Android applications, which put developers’ own internal resources, such as access to update mechanisms, storage and more, at risk.
“Modern cloud-based solutions have become the new standard in the mobile application development world,” researchers explained in a blog, posted Thursday. “Services such as cloud-based storage, real-time databases, notification management, analytics and more are simply a click away from being integrated into applications. Yet, developers often overlook the security aspect of these services, their configuration, and of course, their content.”
The depth of the data at risk across the apps is such that a range of follow-on attacks could be possible, from using credentials against other accounts to social engineering and fraud/identity theft, researchers said.
“This discovery underscores the importance of security-focused app testing and verification,” said Chenxi Wang, general partner at Rain Capital, via email. “Developers don’t always know the right things to do with regard to security. The app platforms like Google Play and Apple App Store must provide deeper testing as well as incentivizing the right behavior from developers to build security in from the beginning.”
Read more: 100M Android Users Hit By Rampant Cloud Leaks | Threatpost