Thousands of Android and iOS apps are leaking sensitive data, says report
Aug 30, 2018

We hear a lot about apps leaking data, and most of the time you won't know until it's too late. App leaks involve the unauthorized or unintentional transfer of sensitive information from a mobile device to an Internet service. They are often the result of security measures being deprioritized in the app development process.

The main problem is the disclosure of sensitive information when mobile applications try to access it via Android permissions. This situation tells us that these mobile applications will probably leak the sensitive data.

Thousands of iOS and Android mobile applications are exposing over 113 GB of data via over 2,271 misconfigured Firebase databases, according to a report released this week by mobile security firm Appthority.

From games to news and navigation, mobile apps are a global business that tops 140 billion dollars a year, with approximately 10 million downloads per hour, but with each download comes the risk of our private information leaking out. An app may be leaking your username, password and credit card information just by your hitting a single button. Anything that users have put into the app might be vulnerable. The recent study uncovered more than 200 mobile apps leaking personal data, and many major brands are not protecting that data. This may be due to the time constraints of app development and cut-throat competition: developers rush to deploy final versions, and every service provider wants an app available for its customers, so there is a push to get apps to market. Further findings suggest that most of the leaks, close to 60 percent, come from news, sports and shopping apps.

But the most surprising fact is that about 85 percent of the data leaks actually included a password. The combination of a username and password is all that an attacker needs to get access to everything else that might be linked to a person's account.

While the list of all these apps hasn’t been released, the findings indicate that apps ranging from finance to health, travel and messaging are included, with their developers located around the world. Google has been notified with the full list of these apps that are putting user data at risk. It is unclear at the moment whether Apple has also been given the list of insecure iOS apps.

According to the recent findings of security firm Appthority, Firebase is one of the most popular backend database technologies but does not secure user data by default. Developers must secure all tables and all rows of data in order to avoid data exposure. Unfortunately, it takes little effort for attackers to find open Firebase app databases and gain access to millions of private mobile app data records.

So, some solution to prevent data leakage is required.

Some suggested solutions are:

  • Securing real-time databases with Firebase.
  • Mimecast's data loss prevention (DLP) technology scans all outgoing email attachments to encrypt or block sensitive information, including customer lists, code names, personally identifiable information and other types of sensitive data.
  • Cyberoam's data leakage prevention solution offers Layer 8 identity-based policies based on username and work requirement to help protect sensitive data.

In 2017, the Appthority Mobile Threat Team (MTT) discovered the HospitalGown vulnerability, named for data leaking through unsecured backend data stores. The Firebase data exposure is a new variant of HospitalGown that occurs when mobile app developers fail to require authentication to a Google Firebase cloud database.
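One way to catch the missing-authentication misconfiguration described above before release, as an added example that is not code from the Appthority report or from this post: a small audit that walks a Firebase Realtime Database rules file and reports every `.read`/`.write` rule that grants access without an auth check. The sample rule sets, the `allow_public_read` parameter and the "expression never mentions `auth`" heuristic are assumptions made for illustration.

```python
import json

# Constructed sample rule sets for illustration (not from any real app).
OPEN_RULES = '{"rules": {".read": true, ".write": true}}'
MIXED_RULES = """
{"rules": {
  "users": {"$uid": {".read": "auth != null && auth.uid === $uid",
                     ".write": "auth != null && auth.uid === $uid"}},
  "orders": {".read": "true", ".write": "auth != null"},
  "public_news": {".read": true}
}}"""


def no_auth_check(expr):
    """Heuristic (assumption): a rule is unauthenticated if it is literally
    true, or is an expression that never mentions the `auth` variable."""
    if expr is True:
        return True
    if isinstance(expr, str):
        text = expr.strip()
        return text != "false" and "auth" not in text
    return False


def audit(rules_json, allow_public_read=()):
    """Return (path, operation) for every .read/.write rule that grants
    access without an auth check. Rules cascade downwards, so a finding
    at a parent path exposes every child beneath it."""
    findings = []

    def walk(node, path):
        for key, value in node.items():
            if key in (".read", ".write"):
                reviewed = key == ".read" and (path or "/") in allow_public_read
                if no_auth_check(value) and not reviewed:
                    findings.append((path or "/", key))
            elif isinstance(value, dict):
                walk(value, f"{path}/{key}")

    walk(json.loads(rules_json)["rules"], "")
    return findings


if __name__ == "__main__":
    for name, rules in (("open", OPEN_RULES), ("mixed", MIXED_RULES)):
        for path, op in audit(rules, allow_public_read=("/public_news",)):
            print(f"{name}: {op} at {path} has no auth check")
```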

Sakshi

Entrepreneurial technocrat with more than 3.5 years of experience in different roles – Development and Team management.
