Unsecure Android applications are not uncommon in 2021. However, bad coding practices can have devastating consequences on the end users. According to Check Point Research report, 23 Android with poor cloud configurations and implementations have left millions of users’ data at risk. The report indicates that information leak includes email records, chat messages, location information, user IDs, passwords, and images. In this article at The Hacker News, Ravie Lakshmanan shares an in-depth insight into the report.
More than half the Android apps have over 10 million downloads each. So, the scope of affected users is massive. Check Point Research report reveals that these applications may have exposed more than 100 million users’ data. Furthermore, most of the apps that had real-time databases had security vulnerabilities. The researchers have found that they had free access to information in over half of the surveyed databases.
“What’s more, the researchers found that app developers embedded keys required for sending push notifications and accessing cloud storage services straight into the apps,” says Lakshmanan. This will allow cybercriminals to send rogue notifications to users on behalf of the developers and direct them to a phishing page. This misconfiguration can be an entry point for more sophisticated threats.
On the contrary, Check Point Research has already informed Google about these apps. As a result, some apps have changed their configuration to make their users’ data safe.
Diverse Attack Points
As mobile devices are increasingly important, they have received additional attention from threat actors. Cybersecurity professionals believe that mobile devices can be attacked in different ways. This includes network-level attacks, malicious apps, and exploitation of vulnerabilities within devices and the mobile operating system. In other words, cybercrime against mobile devices has become more diverse.
To read the original article, click on https://thehackernews.com/2021/05/these-23-android-apps-expose-over.html.