
14 of the best Android apps don’t protect users’ sensitive data




Security researchers at CyberNews found that 14 of the best Android apps, downloaded by over 140 million people in total, do not protect user data due to incorrect Firebase configurations. The exposed data potentially includes usernames, emails and more.

14 Android apps put user data at risk

If you have an Android app installed on your smartphone (who doesn’t have one?), you are most likely using Firebase. With a monthly active base of over 2.5 million apps, Firebase is a mobile application development platform that offers a multitude of useful features, including real-time analytics, hosting, and cloud storage.

In 2014, the platform was acquired by Google and has since become one of the most popular real-time data storage solutions on the market for Android apps. Using Firebase, developers can conveniently store authentication tokens, user credentials, personal data and other types of app-related information in the cloud.


In light of this, the CyberNews team decided to analyze over a thousand major apps on Google Play and see how many were storing their data on Firebase real-time databases in an insecure way. We can already tell you that the news is not at all positive.

According to reports from CyberNews, 14 of the best Android apps, with a total of 142.5 million installations, had Firebase configuration errors. These errors allowed the researchers, and anyone else who knows the right URL, to access the real-time databases, and consequently all the user information stored in them, without any type of authentication.

On September 14, CyberNews researchers reported their findings to Google and offered to help the developers of the exposed apps protect their real-time databases. Unfortunately, Google ignored the offer and did not respond.


As a result, 9 of the 14 most popular Android apps, whose developers did not respond to requests from CyberNews and which could only be protected with the assistance of Google, continue to disclose the data of over 30.5 million users.

The apps that solved the problem immediately

One example is a horoscope app, installed by at least 500,000 users, whose exposed real-time database contains tables titled “chats” and “users”.

According to CyberNews researcher Martynas Vareikis, this indicates that the app exposes not only users’ data but also their private messages to anyone, who can then access and use them as they like.
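What an open real-time database of this kind looks like in its rules file, and a check developers can run on their own rules, shown as an added example that does not come from CyberNews or from any of the apps named. Both rules documents are constructed, the `members` node in the hardened version is an assumed data layout, and the rules are assumed to be strict JSON without comments.

```python
import json

# Constructed rules in Firebase Realtime Database rules format. The "chats"
# and "users" nodes mirror the table names mentioned in the article.
WEAK_RULES = json.loads("""
{"rules": {
  ".read": true,
  "users": {"$uid": {".read": "auth != null && auth.uid === $uid",
                     ".write": "auth != null && auth.uid === $uid"}},
  "chats": {".write": "true"}
}}""")

# Constructed hardened version; the 'members' child is an assumed layout.
HARDENED_RULES = json.loads("""
{"rules": {
  "users": {"$uid": {".read": "auth != null && auth.uid === $uid",
                     ".write": "auth != null && auth.uid === $uid"}},
  "chats": {"$chat": {
    ".read": "auth != null && data.child('members').child(auth.uid).exists()",
    ".write": "auth != null && data.child('members').child(auth.uid).exists()"}}
}}""")

def is_public(expr):
    """True when a rule grants access unconditionally (true or "true")."""
    return expr is True or (isinstance(expr, str) and expr.strip() == "true")

def audit(node, path="/", inherited=None):
    """Return sorted (path, operation, reason) findings for open access.

    Grants cascade downward in Realtime Database rules: once a parent allows
    an operation, a stricter rule on a child cannot take it away.
    """
    inherited = dict(inherited or {})
    findings = []
    for op in (".read", ".write"):
        if op in inherited:
            if op in node and not is_public(node[op]):
                findings.append((path, op, "overridden by public " + inherited[op]))
        elif is_public(node.get(op)):
            findings.append((path, op, "public"))
            inherited[op] = path
    for key, child in node.items():
        if isinstance(child, dict) and not key.startswith("."):
            findings += audit(child, path.rstrip("/") + "/" + key, inherited)
    return sorted(findings)

def audit_rules(doc):
    """Audit a parsed rules document (the object holding the "rules" key)."""
    return audit(doc.get("rules", {}))
```

In the weak rules the per-user restriction under `users` looks safe when read on its own, but the root-level `.read` already grants everyone access, which is why the audit reports it as overridden.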


Other examples include Universal TV Remote Control, probably the most popular TV remote app with over 100 million downloads on Google Play, and Remote for Roku: Codematics, which has been installed by over one million Android users. Both apps suffered from Firebase login setup errors, resulting in potential user data loss.

Having your personal information left exposed is scary enough. But disclosing your children’s data and location to potential eavesdroppers can be much more dangerous. This is the case with Find My Kids: Child Cell Phone Location Tracker, a tracking app downloaded by at least 10 million parents. The app left its Firebase real-time database exposed for an unknown period of time.


The app allows you to track your child’s position and phone usage statistics, listen to a live audio stream from the phone’s microphone and call it when it’s off, all in real time. Such an app leaving its real-time database out in the open could lead to dire consequences for children.

Google never responded to the warnings

Fortunately, the developers of the four apps mentioned were notified by CyberNews and promptly deactivated the database. Find My Kids developers also added that they never used the Firebase database, which was created for a test. Unfortunately, the developers of the other nine apps did not respond to repeated warnings, and those apps continue to have a database open to practically anyone.


Google, for its part, never responded to the inquiry. After the first email, to which the company replied automatically, the CyberNews team attempted to contact Google through its press office. Again the result was the same: an automatic reply email with no explanation.