100M Android Users Exposed in Misconfigured Cloud Databases

Julija A. Image
ByJulija A.
May 28,2021

Check Point Software Technologies researchers gained access to the data of over 100 million Android users due to misconfigured cloud-based storage solutions. They published their findings on May 20, citing 23 highly sought-after mobile apps as dangerous for internal user data due to oversights in cloud-based-storage security configurations. Real-time databases, cloud-based storage, and notification managers were misconfigured, leaving both developers and users exposed. Both secret and access keys were embedded in the same service that stores personal data.

The mishandling of these cloud-based solution services revealed personal information like passwords, email addresses, device location, private messages, user identifiers, and more. For example, Astro Guru - an astrology app downloaded more than 10 million times - exposed its users’ personal info and payment details due to unsecured syncing, which could have been avoided with appropriate identity theft protection. Similarly, Check Point’s researchers managed to acquire chat messages exchanged between drivers and passengers on the T’Leva taxi app. Over 50,000 users had their in-app correspondence leaked with a single request sent to the app’s real-time database. Users’ full names, locations, and phone numbers were also contained in the leak. The last example is a screen-recording and storing app called Screen Recorder; the app has over 10 million users. Its developers embedded access keys in the same database they used to store recordings, essentially offering them to anyone who decided to look.

Cloud storage on mobile apps is a very convenient solution for developers. However, this widespread mishandling of configuration and implementation put both developer and user data at risk. Check Point Software researchers have found dozens of cases where developers tried to hide how they keep cloud service keys in their apps by providing a solution that doesn’t fix the issue. Researchers had contacted Google and app developers before they published their findings. However, only a few apps have evaluated their configuration since.

About the author

Julia A. is a writer at SmallBizGenius.net. With experience in both finance and marketing industries, she enjoys staying up to date with the current economic affairs and writing opinion pieces on the state of small businesses in America. As an avid reader, she spends most of her time poring over history books, fantasy novels, and old classics. Tech, finance, and marketing are her passions, and she’s a frequent contributor at various small business blogs.

More from news

As people continue to feel the effects of the pandemic, many small business owners are struggling to keep their businesses afloat. The US Congress is considering House Bill 3807 to help small businesses with a $42 billion relief package. Erika Polmar, the Independent Restaurant Coalition executive director, said this bill would be a "lifeline" for around 2,700 independent restaurants in Oregon that applied for relief last year but never received it. House Bill 3807 now has to pass the US Senate, and we’ve yet to see how much relief small businesses will actually receive. If this bill passes, it will provide much-needed relief to small businesses across the country. As Polmar said: "The future of our industry, the 216,000 jobs that restaurants and bars provide Oregonians, are in jeopardy if we don’t replenish this fund."  If voted in, House Bill 3807 would help the Restaurant Revitalization Fund and support many other businesses impacted by the pandemic. With this bill, small business owners could apply for grants to cover expenses such as payroll, rent, and utilities, letting them avoid getting unfavorable loans to keep their business running. This would be a massive relief for many small businesses that have been struggling to stay open during the pandemic. And although many of them are busy again, they are now facing serious problems with inflation. "All of those costs have skyrocketed. So, what you may have seen happening in 2019 as a really great banner night is now barely making ends meet," said Polmar. Dwayne Thomas, the president of the Live Events Coalition, commented on the bill, saying: "We’re just in debt up to the hilt trying to stay open and relevant as now we’re going back to work. We’re going back to work amid a worker shortage, amid all kinds of supply chain issues, and we’re going back to work quite quickly." He also said that the $13 billion would be allocated to different businesses and divided into three rounds. The first round of relief will go to those who lost 80% or more of their income within the past two years.
By Goran · April 14,2022
According to the most recent data from the Bureau of Labor Statistics, February 2022 saw significant job growth.
By Vladana Donevski · March 10,2022
Despite some progress over the years, the gender gap persists in finance programs at top business schools.
By Julija A. · February 08,2022

Leave your comment

Your email address will not be published.


There are no comments yet