 |
| Thousands of Android apps publish users data |
A new report indicated that using Android 4282 applications using the Google Firebase database hosted in the cloud has lost sensitive Google information about its users who did not know or did not know. This includes email addresses, username, password, phone number, full name, chat messages and website data.
The information comes from a poll by Bob Diachenko from the Security Discovery service in cooperation with the Compareitech website. The survey is the result of an analysis of 515,735 Android apps, which make up about 18% of all apps on Google Play. In the shop.
Compareitech said in its report: "4.8% of the mobile apps that use Google Firebase to store user data are not properly protected, so anyone can access the database that contains the user's personal information, in addition to accessing codes and other data. No password Or other authentication. "
Google acquired (Firebase) in 2014, which is a popular platform for developing mobile apps, because it provides a variety of tools that application developers can use to develop and store applications safely. Application data and files. Questions and interaction with users via messages in the application.
(Firebase) is said to make up 30% of all apps in the Google Play Store, making it the most popular storage solution among Android apps.
Since Android users have installed 4.22 billion poorly linked apps that differ between gaming, education, entertainment and business categories, the Compareitech website says: "Data protection for Android users is likely to be affected by at least one type of application."
Since (Firebase) is a tool that can be used on multiple platforms, researchers have also warned that incorrect settings can also affect iOS and web applications and that the entire database content includes 4,282 applications. Especially:
- Email address: more than 7 million.
- Username: more than 4 million.
- Password: more than a million.
- Phone number: more than 5 million.
- Full name: more than 18 million.
- Chat messages: more than 7 million.
- GPS data: more than 6 million.
- IP address: more than 200,000.
- Civil address: more than 600,000.
Of the 155,066 analyzed applications (Firebase), researchers found 11,730 applications with infected databases and 9,014 applications with write permissions that could allow attackers to inject malicious data and destroy the database. And spreading malware.
If the search engine index indexes the Firebase database URL, the situation becomes more difficult. For example, (Bing), which revealed the vulnerability of people on the Internet, and after Google released the results on April 22, the search giant said it was working with affected developers to fix the issue.