These Popular Android Apps Put User Data at Risk

Many popular Android apps put your personal data at risk due to poorly secured third-party services, according to a report by Check Point Research .

The report highlights several different security flaws affecting 23 different apps available on Google Play, each with 50,000 to 10 million downloads. Most of the offending apps collect and store user information, developer data, and internal company resources through unsecured real-time databases and cloud storage. Security researchers have been able to find unsecured cloud databases from 13 applications, meaning outsider actors can also access them.

Other apps have misconfigured push notification managers that hackers can use to intercept and modify seemingly legitimate notifications from developers, bombard them with malware, phishing links, or misleading content.

These vulnerabilities put at least 100 million Android users at risk of fraud, identity theft, and malicious attacks.

Which Android apps put your data at risk?

Check Point Research reports that it found one or more of these flaws in 23 applications, 13 of which had open real-time databases. However, only five of these applications are named in the report:

  • Astro Guru: Horoscope app with over 10 million downloads. It stores each user’s full name, date of birth, gender, GPS location, email address, and payment information.
  • iFax: mobile application to send faxes in which all documents sent to more than 500 000 users are stored in the cloud accessible database with keys of cloud storage, built-in application.
  • Logo Maker: A graphic design app with over 170,000 users. Check Point discovered that the full names, account IDs, email addresses, and passwords of all users are available.
  • Screen Recorder: This app has been downloaded over 10 million times. The report showed that it stores the passwords of the accounts in the same cloud service where the records that the application makes are stored, making them vulnerable.
  • T’Leva: An Angola taxi calling app with over 50,000 downloads, leaving available the driver-passenger messaging history , location data, full names and phone numbers.

Check Point says it has notified the creators of the app, but only Astro Guru has responded and all apps are still available on Google Play.

What should Android users need to do to keep their data safe?

The first step is to stop using the applications listed in the Check Point Research report, but since only five are named, that means there are at least 18 others storing your data without adequate security measures.

And that’s just what we know from the Check Point report – there are probably many more applications, websites and services with misconfigured databases that we will never know about until a leak occurs.

While the Check Point Research report and others like it may alert developers to unsafe storage practices, developers must ultimately address this issue. However, users can take preventive measures to keep their personal information and other sensitive data safe, regardless of which applications they are using:

  1. Use two-factor authentication (2FA) whenever possible.
  2. Withhold personal information from your accounts (for example, don’t add your home address if you don’t need one) or use fake information whenever possible.
  3. Create unique passwords for each account and use an encrypted password manager .
  4. Don’t link third party accounts like Google, Facebook, and Twitter if you can avoid it.
  5. Keep app permissions to a minimum .
  6. Use services that notify you of hacked and compromised accounts.

These additional steps will not stop the hack, but they can reduce the risk of identity theft, scams, and other types of fraud. We also have a guide to prevent data breaches , attacks programs- extortionists , malware and identity theft , and respond to , as well as to identify common tactics of phishing and other online fraud .

[ Threat Message ]

More…

Leave a Reply