Avast found that 19,300 apps on Google Play Store had a misconfiguration in their Firebase database, putting personal information at risk of theft
Google Play Store is considered the safest source for downloading apps on Android devices, but there are apps listed on the store that can put your device's security at risk. While Google vets its app store, there are malicious or faulty apps present on the platform that can be dangerous.
Digital security company Avast recently found vulnerabilities in more than 19,000 apps on the platform, with a crucial misconfiguration that can potentially leak users' personal information.
Avast said that it found over 19,300 Android apps exposing user data to the public due to a misconfiguration of the Firebase database. Firebase is a tool Android developers can use to store user data.
“Data exposed can include personally identifiable information (PII) collected by the apps, such as names, addresses, location data, and in some cases even passwords. Avast notified Google of its findings so they could inform app developers to take corrective action,” Avast said in a recent statement.
The misconfiguration affects a broad range of apps, related to lifestyle, workout, gaming, mail, food delivery, and more. The issue was seen in regions worldwide including in Europe, South-East Asia and Latin America.
Developers can use Firebase while developing mobile and web apps for Android devices, and they can keep their Firebase implementation visible to other developers. The information in the database is thus public.
When Avast Threat Labs researchers looked at 180,300 publicly available Firebase instances, they found that over 10 per cent (19,300) were open, exposing the data to unauthenticated developers. These were open due to misconfiguration by the app developers.
These open instances put the data stored and used by the apps developed with Firebase at risk of theft. The data these apps store can include a variety of information that could be exposed, such as names, birthdates, addresses, phone numbers, location information, service tokens and keys, among other things. In some instances, records can even contain passwords in plain text if the developer did not follow best security practices.
“Each one of these open instances is a data breach event waiting to happen and can pose critical business, legal and regulatory risks if they happen. Potentially the personal information of over 10 per cent of users of Firebase-based apps could be at risk,” explained Vladimir Martyanov, Malware Researcher at Avast.
Avast warned developers to stay informed about the potential risk of misconfigured databases and follow the best practices provided by Google.
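One way a developer could check their own rules for this kind of misconfiguration before shipping, as an added example that is not Avast's or Google's code. It assumes the app uses Firebase Realtime Database, whose access rules are a JSON document with `.read` and `.write` entries; the sample rule sets and function names are constructed for illustration.

```python
import json

# Constructed sample rule sets (not taken from any real app).
OPEN_RULES = '{"rules": {".read": true, ".write": true}}'
PARTIAL_RULES = json.dumps({"rules": {
    "public_feed": {".read": True, ".write": "auth != null"},
    "users": {"$uid": {".read": "auth != null && auth.uid === $uid",
                       ".write": "auth != null && auth.uid === $uid"}},
}})
LOCKED_RULES = json.dumps({"rules": {".read": False, ".write": False,
    "users": {"$uid": {".read": "auth != null && auth.uid === $uid"}}}})


def is_public(expr):
    """True when a rule expression grants access to anyone, signed in or not."""
    if isinstance(expr, bool):
        return expr
    return isinstance(expr, str) and expr.strip() == "true"


def find_public_grants(rules_json):
    """Return sorted (path, operation) pairs that are open without authentication.

    A grant on a parent path also applies to every child path, so only the
    shallowest open path is reported for each operation.
    """
    root = json.loads(rules_json).get("rules", {})
    findings = []

    def walk(node, path, inherited):
        opened = set(inherited)
        for op in (".read", ".write"):
            if op not in inherited and is_public(node.get(op)):
                findings.append((path or "/", op))
                opened.add(op)
        for key, child in node.items():
            # Keys starting with "." are rule entries, not database paths.
            if isinstance(child, dict) and not key.startswith("."):
                walk(child, f"{path}/{key}", opened)

    walk(root, "", set())
    return sorted(findings)


if __name__ == "__main__":
    for name, rules in [("open", OPEN_RULES), ("partial", PARTIAL_RULES),
                        ("locked", LOCKED_RULES)]:
        print(name, find_public_grants(rules))
```

A finding on `/` means the whole database is readable or writable by anyone; a finding on a sub-path is only acceptable if that data is meant to be public.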
Meanwhile, users can follow certain practices to stay safe from poorly developed or malicious apps:
Do not download apps from Google Play Store without verifying them. Read the details provided carefully. Unsafe apps will have badly written details and maybe even spelling mistakes.
Do not trust apps that offer rewards while asking you to pay nothing or very little.
Read user reviews before downloading an app.
Be careful with app permissions. Do not give a permission that can leak your data.
Use trusted anti-virus software on your mobile phone.