Thousands of Android and iOS apps are leaking sensitive data, says report

We hear a lot about apps leaking data. Most of the time you won’t know until it’s too late. An app leak is the unauthorized or unintentional transfer of sensitive information from a mobile device to an Internet service. It is often the result of security measures being deprioritized in the app development process.

The main problem is the disclosure of sensitive information that mobile applications access via Android permissions. Applications that access sensitive data this way will probably leak it.

Thousands of iOS and Android mobile applications are exposing over 113 GB of data via over 2,271 misconfigured Firebase databases, according to a report released this week by mobile security firm Appthority.

From games to news and navigation, mobile apps are a global business that tops 140 billion dollars a year, with approximately 10 million downloads per hour. But with each download comes the risk of our private information leaking out. An app may be leaking your username, password and credit card information when you hit a single button. Anything users have put into the app might be vulnerable. A recent study uncovered more than 200 mobile apps leaking personal data, and many major brands are not protecting that data. This may be due to time constraints and cut-throat competition: developers rush to deploy final versions, and every service provider wants an app available for its customers, so there is a push to get apps to market. Further findings suggest that most of the leaks, close to 60 percent, come from news, sports and shopping apps.

But the most surprising fact is that about 85 percent of the data leaks actually included a password. A username and password combination is all an attacker needs to get access to everything else that might be linked to a person's account.

While the list of all these apps hasn’t been released, the findings indicate that apps ranging from finance to health, travel and messaging are included, with their developers located around the world. Google has been notified with the full list of apps that are putting user data at risk. It is unclear at the moment whether Apple has also been given the list of insecure iOS apps.

According to the recent findings of security firm Appthority, Firebase is one of the most popular backend database technologies but does not secure user data by default. Developers must secure all tables and all rows of data in order to avoid data exposure. Unfortunately, it takes little effort for attackers to find open Firebase app databases and gain access to millions of private mobile app data records.

So a solution to prevent data leakage is required.

Some suggested solutions are:

  • Securing real-time databases with Firebase.
  • Mimecast’s data loss prevention (DLP) technology scans all outgoing email attachments to encrypt or block sensitive information, including customer lists, code names, personally identifiable information and other types of sensitive data.
  • Cyberoam's data leakage prevention solution offers Layer 8 identity-based policies, based on username and work requirement, to help protect sensitive data.

In 2017, the Appthority Mobile Threat Team (MTT) discovered the HospitalGown vulnerability, named for data leaking through unsecured backend data stores. The Firebase data exposure is a new variant of HospitalGown that occurs when mobile app developers fail to require authentication to a Google Firebase cloud database.
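
As an added illustration of the missing-authentication misconfiguration described above (this is not code from Appthority's report or from this blog), the following JavaScript audits a Firebase Realtime Database rules tree for paths that can be read or written without authentication. The two rule sets and the function names `allowsAnonymous` and `auditRules` are constructed for this example, and the test for the `auth` variable is a heuristic.

```javascript
// Added example: static audit of Firebase Realtime Database rules.
// Both rule sets are constructed samples, not taken from any real app.
const openRules = {
  rules: {
    ".read": true, // anyone on the Internet can read everything
    ".write": true,
    users: { $uid: { ".read": "$uid === auth.uid" } } // has no effect here
  }
};
const lockedRules = {
  rules: {
    users: {
      $uid: { ".read": "$uid === auth.uid", ".write": "$uid === auth.uid" }
    },
    news: { ".read": "auth != null", ".write": false }
  }
};

// Heuristic (assumption of this example): a rule admits unauthenticated
// clients if it is not constant false and never consults `auth`.
function allowsAnonymous(rule) {
  if (rule === undefined || rule === false) return false;
  if (rule === true) return true;
  const expr = String(rule).trim();
  return expr !== "false" && !/\bauth\b/.test(expr);
}

// .read/.write cascade: once granted at a path, deeper rules cannot revoke it.
function auditRules(node, path = "/", inherited = { ".read": false, ".write": false }) {
  const findings = [];
  const state = { ...inherited };
  for (const op of [".read", ".write"]) {
    if (inherited[op] && node[op] !== undefined) {
      findings.push(`${path} ${op}: overridden by public ancestor rule`);
    } else if (!inherited[op] && allowsAnonymous(node[op])) {
      findings.push(`${path} ${op}: no authentication required`);
      state[op] = true;
    }
  }
  for (const [key, child] of Object.entries(node)) {
    if (!key.startsWith(".") && child && typeof child === "object") {
      findings.push(...auditRules(child, `${path}${key}/`, state));
    }
  }
  return findings;
}

console.log(auditRules(openRules.rules));
console.log(auditRules(lockedRules.rules));
```

The open rule set produces three findings, including the per-user rule that looks restrictive but is overridden by the public rule at the root; the locked rule set produces none.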

Sakshi

⚡️ by Appventurez
