
Thousands of Android and iOS apps are leaking sensitive data, says report

By Sakshi | March 8, 2019

We hear a lot about apps leaking data, and most of the time you won't know about a leak until it's too late. An app leak is the unauthorized or unintentional transfer of sensitive information from a mobile device to an Internet service. It is often the result of security measures being deprioritized in the app development process.

The main problem is the disclosure of sensitive information that mobile applications access through Android permissions. Applications that access sensitive data this way will probably leak it.

Thousands of iOS and Android mobile applications are exposing over 113 GB of data via over 2,271 misconfigured Firebase databases, according to a report released this week by mobile security firm Appthority.

From games to news and navigation, mobile apps are a global business that tops 140 billion dollars a year, with approximately 10 million downloads per hour, but with each download comes the risk of our private information leaking out. An app may be leaking your username, password and credit card information at the press of a single button. Anything that has been put into the app might be vulnerable. A recent study uncovered more than 200 mobile apps leaking personal data, and many major brands are not protecting that data. This may be due to tight time constraints and cut-throat competition: developers rush to deploy final versions, and every service provider wants an app available for its customers, so there is a push to get apps to market. Further findings suggest that most of the leaks, close to 60 percent, come from news, sports and shopping apps.

But the most surprising fact is that about 85 percent of the data leaks actually included a password. The combination of a username and password is all an attacker needs to get access to everything else that might be linked to a person's account.

While the list of all these apps hasn't been released, the findings indicate that apps ranging from finance to health, travel and messaging are included, with their developers located around the world. Google has been notified with the full list of the apps that are putting user data at risk. It is unclear at the moment whether Apple has also been given the list of insecure iOS apps.

According to the recent findings of security firm Appthority, Firebase is one of the most popular backend database technologies but does not secure user data by default. Developers must secure all tables and all rows of data in order to avoid data exposure. Unfortunately, it takes little effort for attackers to find open Firebase app databases and gain access to millions of private mobile app data records.

So a solution to prevent data leakage is required.

Some suggested solutions are:

  • Securing real-time databases with Firebase.
  • Mimecast’s data loss prevention (DLP) technology scans all outgoing email attachments to encrypt or block sensitive information, including customer lists, code names, personally identifiable information and other types of sensitive data.
  • Cyberoam's data leakage prevention solution offers Layer 8 identity-based policies, based on username and work requirement, to help protect sensitive data.

In 2017, the Appthority Mobile Threat Team (MTT) discovered the HospitalGown vulnerability, named for data leaking through unsecured backend data stores. The Firebase data exposure is a new variant of HospitalGown that occurs when mobile app developers fail to require authentication to a Google Firebase cloud database.
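
As an added example (not code from the original article or from Appthority), the following Python audits an exported Firebase Realtime Database rules file for the missing-authentication condition described above, including public grants on a parent path that a stricter child rule cannot undo. The two rule sets are constructed samples, the function names are hypothetical, and the rules file is assumed to be plain JSON without comments.

```python
import json

# Constructed sample rules (not from any real app). ".read"/".write" grant
# access to a path and to everything beneath it.
EXPOSED = json.loads("""
{"rules": {
  ".read": true,
  "users": {"$uid": {
    ".read": "auth != null && auth.uid === $uid",
    ".write": "auth != null && auth.uid === $uid"}},
  "scores": {".write": "true"}
}}
""")

HARDENED = json.loads("""
{"rules": {
  "users": {"$uid": {
    ".read": "auth != null && auth.uid === $uid",
    ".write": "auth != null && auth.uid === $uid"}}
}}
""")


def is_public(rule):
    """True when a rule grants access unconditionally (true or "true")."""
    return rule is True or (isinstance(rule, str) and rule.strip() == "true")


def audit(node, path="/", granted=None):
    """Walk a rules tree and return (path, operation, problem) findings."""
    granted = dict(granted or {})  # operation -> ancestor path that opened it
    findings = []
    for op in (".read", ".write"):
        if op not in node:
            continue
        if op in granted:
            # Grants cascade downward: a stricter child rule cannot revoke them.
            findings.append((path, op, "shadowed by public grant at " + granted[op]))
        elif is_public(node[op]):
            findings.append((path, op, "public"))
            granted[op] = path
    for key, child in node.items():
        if isinstance(child, dict):
            findings.extend(audit(child, path.rstrip("/") + "/" + key, granted))
    return findings


if __name__ == "__main__":
    for finding in audit(EXPOSED["rules"]):
        print(*finding)
```

An empty result means no path is opened unconditionally; it does not check whether rules that do require authentication are scoped tightly enough for the data they protect.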
