Thousands of Android and iOS apps are leaking sensitive data, says report - Appventurez

By Sakshi | March 8, 2019

We hear a lot about apps leaking data, and most of the time you won't know about a leak until it's too late. An app leak is the unauthorized or unintentional transfer of sensitive information from a mobile device to an Internet service. It is often the result of security measures being deprioritized in the app development process.

The main problem is the disclosure of sensitive information that mobile applications access through Android permissions. Applications that access this information are the ones that will probably leak it.

Thousands of iOS and Android mobile applications are exposing over 113 GB of data via over 2,271 misconfigured Firebase databases, according to a report released this week by mobile security firm Appthority.

From games to news and navigation, mobile apps are a global business that tops 140 billion dollars a year, with approximately 10 million downloads per hour, but with each download comes the risk of our private information leaking out. An app may be leaking your username, password and credit card information at the press of a single button. Anything users have put into the app might be vulnerable. The recent study uncovered more than 200 mobile apps leaking personal data, and many major brands are not protecting that data. This may be because time constraints and cut-throat competition push developers to rush final versions into deployment: every service provider wants an app available for its customers, so there is pressure to get the app to market. Further findings suggest that most of the leaks, close to 60 percent, come from news, sports and shopping apps.

But the most surprising fact is that about 85 percent of the data leaks actually included a password. The combination of a username and password is all an attacker needs to get access to everything else that might be linked to a person's account.

While the list of all these apps hasn't been released, findings indicate that apps ranging from finance to health, travel and messaging are included, with their developers located around the world. Google has been notified with the full list of the apps that are putting user data at risk. It is unclear at the moment whether Apple has also been given the list of insecure iOS apps.

According to the recent findings of security firm Appthority, Firebase is one of the most popular backend database technologies but does not secure user data by default. Developers must secure all tables and all rows of data in order to avoid data exposure. Unfortunately, it takes little effort for attackers to find open Firebase app databases and gain access to millions of private mobile app data records.

So a solution to prevent this data leakage is required.

Some suggested solutions are:

  • Securing real-time databases with Firebase.
  • Mimecast’s data loss prevention (DLP) technology scans all outgoing email attachments to encrypt or block sensitive information, including customer lists, code names, personally identifiable information and other types of sensitive data.
  • Cyberoam's data leakage prevention solution offers Layer 8 identity-based policies, based on username and work requirement, to help protect sensitive data.

In 2017, the Appthority Mobile Threat Team (MTT) discovered the HospitalGown vulnerability, named for data leaking through unsecured backend data stores. The Firebase data exposure is a new variant of HospitalGown that occurs when mobile app developers fail to require authentication to a Google Firebase cloud database.
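The failure to require authentication described here, and the point above that Firebase does not secure data by default, both come down to the database's security rules. As an added example (not from the original article or from Appthority's report), this Python script audits a Realtime Database rules document for paths open to unauthenticated reads or writes; the sample rules, function names and finding labels are constructed for illustration.

```python
import json

# Constructed sample rules (not from any real app).
SAMPLE_RULES = json.loads("""
{"rules": {
  "posts":   {".read": true, ".write": "auth != null",
              "$postId": {"drafts": {".read": "auth.uid === data.child('owner').val()"}}},
  "users":   {"$uid": {".read": "auth != null", ".write": "auth.uid === $uid"}},
  "uploads": {".read": "auth != null", ".write": "true"},
  "private": {"$uid": {".read": "auth.uid === $uid", ".write": "auth.uid === $uid"}}
}}
""")

def _norm(expr):
    """Map the string forms "true"/"false" onto booleans; keep other expressions."""
    if isinstance(expr, str) and expr.strip() in ("true", "false"):
        return expr.strip() == "true"
    return expr

def audit(node, path="", inherited=None):
    """Return (path, operation, finding) tuples for one rules subtree.
    Realtime Database rules cascade: once a parent grants .read or .write,
    no child rule can revoke it, so public access is inherited downward.
    """
    inherited = inherited or {".read": False, ".write": False}
    findings, state = [], dict(inherited)
    for op in (".read", ".write"):
        expr = _norm(node.get(op, False))      # an absent rule means deny
        if inherited[op]:
            if op in node and expr is not True:
                findings.append((path or "/", op, "ineffective: parent is public"))
        elif expr is True:
            findings.append((path or "/", op, "public"))
            state[op] = True
        elif expr is not False and "auth" not in str(expr):
            # Heuristic: a condition that never mentions auth cannot require sign-in.
            findings.append((path or "/", op, "no auth check"))
    for key, child in node.items():
        if not key.startswith(".") and isinstance(child, dict):
            findings += audit(child, f"{path}/{key}", state)
    return findings

def audit_rules(doc):
    """Audit a whole rules document (the JSON with a top-level "rules" key)."""
    return sorted(audit(doc.get("rules", {})))

if __name__ == "__main__":
    for finding in audit_rules(SAMPLE_RULES):
        print(*finding, sep="  ")
```

On the sample, the owner-only rule on `drafts` is reported as ineffective because `/posts` already grants public read, which is the kind of exposure a per-path review tends to miss.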

Sakshi

Lead Android developer at Appventurez. Extremely talented, passionate and serves as an important pillar in delivering Android solutions. A team leader who is leading the Android team which has delivered back to back projects.
