100M Android Users Exposed in Misconfigured Cloud Databases


Check Point Software Technologies researchers were able to access the data of over 100 million Android users because of misconfigured cloud-based storage solutions. They published their findings on May 20, citing 23 highly sought-after mobile apps as putting internal user data at risk through oversights in their cloud storage security configurations. Real-time databases, cloud-based storage, and notification managers were misconfigured, leaving both developers and users exposed. Both secret and access keys were embedded in the same service that stores personal data.

 

The mishandling of these cloud-based solution services revealed personal information like passwords, email addresses, device location, private messages, user identifiers, and more. For example, Astro Guru – an astrology app downloaded more than 10 million times – exposed its users’ personal info and payment details due to unsecured syncing, which could have been avoided with appropriate identity theft protection. Similarly, Check Point’s researchers managed to acquire chat messages exchanged between drivers and passengers on the T’Leva taxi app. Over 50,000 users had their in-app correspondence leaked with a single request sent to the app’s real-time database. Users’ full names, locations, and phone numbers were also contained in the leak. The last example is a screen-recording and storing app called Screen Recorder; the app has over 10 million users. Its developers embedded access keys in the same database they used to store recordings, essentially offering them to anyone who decided to look.

 

Cloud storage is a very convenient solution for mobile app developers. However, this widespread mishandling of configuration and implementation put both developer and user data at risk. Check Point Software researchers found dozens of cases where developers tried to hide the cloud service keys they keep in their apps, using a workaround that doesn't fix the issue. The researchers contacted Google and the app developers before publishing their findings. However, only a few apps have evaluated their configuration since.


Julia A. is a writer at SmallBizGenius.net. With experience in both finance and marketing industries, she enjoys staying up to date with the current economic affairs and writing opinion pieces on the state of small businesses in America. As an avid reader, she spends most of her time poring over history books, fantasy novels, and old classics. Tech, finance, and marketing are her passions, and she’s a frequent contributor at various small business blogs.