Researchers have recently discovered that Android apps cloud misconfigurations, putting 100 million users at risk of data being disclosed. According to the cybersecurity firm Check Point Research post from yesterday, the research team discovered from last few months, many application developers are putting users at risk by not adhering to the practice when configuring 3rd party cloud services into the applications, hence, many users’ data are exposed.
It is reported that no less than 23 popular mobile apps contained misconfigurations of third-party cloud services. A great shift to cloud services was due to the global pandemic, many services are remotely working from home, though the cloud services provide good data management and storage, but the developers neglect and left the apps vulnerable that leak millions of users’ data.
Image credit: Check Point Research
According to the cybersecurity firm, those apps listed by them like Logo Maker, Astro Guru, and T’Leva, leaked users’ data publicly such as email, chat messages, location information, user IDs, passwords, and images. For example, like what they have shared in a taxi service app, the cybersecurity team sent a request to the app’s database, and all the driver’s and user’s messages, names, phone numbers, and locations are pulled up.
The cybersecurity firm said that those leaked data may lead to data theft, this may result from the threat actors gaining access into other services like using the same username or password. The firm already informed the app developers of the misconfigurations before disclosure and some of them tighten up the services.