Data from 100 million Android app users exposed

Very popular applications, having sometimes been downloaded more than 10 million times, suffer from serious security holes. Their developers did not protect access to users’ personal data on third-party cloud services.

Emails, geolocation data, passwords, photos, message exchanges, personal data … These are the personal information of 100 million users of popular applications for Android, which are not protected from possible capture by pirates. Detected by the research laboratory of the security company Check Point, this huge flaw concerns applications, some of which reach up to 10 million downloads.

In all, 23 applications for Android would be affected by these security deficiencies. You can find everything, like Astro Guru, an astrology, horoscope, and palmistry application, downloaded over 10 million times. After users enter their personal information such as name, date of birth, gender, home, email address, and payment details, Astro Guru provides them with a personal astrology report and horoscope. . Unfortunately, this is all personal data that is not protected.

Another download champion, Screen Recorder allows the user to record the screen of the user’s device and store the recordings on a cloud service. While accessing screen recordings via the cloud is a convenient feature, users’ private passwords reside on the same cloud service that stores the recordings. Annoying … This is also the case with T’Leva, a taxi booking application that has been downloaded over 50,000 times. Check Point researchers were able to access conversations between drivers and passengers and retrieve users’ full names, phone numbers, and locations – destination and pickup.

Data from
E-mail address, geolocation, age… Here is the personal information that the researchers were able to collect on the real-time databases of the Astro Guru astrology application. 
© Check Point Research

Third-party cloud service security forgotten by developers

It all stems from a glaring lack of securing third-party cloud storage services, including real-time database processing. The same is true for services for managing the sending of notifications, for example. These are building blocks that can be easily integrated into applications by developers. But now, they completely neglect the security aspect of these third-party services and do not configure the data protection systems during their integration.

It is not only the personal data of users that is then at risk. Some features used by publishers are just as useful. A malicious person can easily access the notification updates mechanism, for example. It can be a disaster if the notification prompts you to activate an update that actually has a viral load. To invite them to correct the situation, Check Point contacted all the application editors. Currently, some, but not all, have taken care to tighten their security. Similarly, Google has been informed and has encouraged them to provide more in-depth tests for the reception of these applications on the Play Store.

For this kind of newly launched and Trending mobile phone or other gadgets news stay tuned with us. For any other queries regarding anything contact us.

#StayHome #StaySafe

Have a good day..!!!

Also read: 

What do you think?

Written by Shraddha Diwan

Leave a Reply

Your email address will not be published. Required fields are marked *

GIPHY App Key not set. Please check settings

    Data analyst

    Data analyst or data scientist: which profession to choose?

    google pixel 5

    Google Pixel 5 Price, Full Specification, Mobile Review