EconomyFinancialData from 100 million Android users were exposed in...

Data from 100 million Android users were exposed in the cloud

The incident was due to a series of wrong security configurations of cloud services of some applications.

The personal data of more than 100 million Android mobile users have been exposed through a series of erroneous security configurations of third-party cloud services in applications for this operating system.

The information exposed by these databases included emails, chat messages, location, passwords and photos, which, in the hands of cybercriminals, could lead to fraud, identity theft and theft of services, as the company has warned of cybersecurity Check Point in a statement.

The problem is due to app developers who have exposed both their own data and the private information of millions of users by not following good practices by configuring and integrating third-party cloud services in their applications.

Specifically, the information came from the deconfiguration of real-time databases, which allow app creators to store information in the cloud, in order to ensure that they are synchronized in real time with all connected clients.

Investigating the content of certain apps that were publicly available, Check Point Research researchers found that a large amount of sensitive information was accessible, including email addresses, passwords, private chats, device location, user identifiers, and much more. more.

If a cybercriminal manages to get to this information, it could lead to a service deletion (that is, trying to use the same username and password combination in other services), fraud or identity theft.

Affected apps

The applications affected by the deconfiguration of their real-time databases have a sum of more than 100 million downloads from Android devices.

One of the apps that presents this configuration error is ‘Astro Guru’, a popular astrology, horoscope and palmistry application with more than 10 million downloads, which exposed data entered by its users to receive predictions.

Through ‘T’Leva’, a taxi app with more than 50,000 downloads, Check Point Research researchers were able to access chat messages between drivers and passengers and retrieve the full names of users, their phone numbers and their locations (destination and pickup), all with a single request to the database.

Another vulnerable application, with more than 10 million downloads, is ‘Screen Recorder’, which is used to record the screen of the user’s device and store the recordings in a cloud service, and which exposed the keys that give access to the stored recordings.

Follow the news of El Espectador on Google News

Another example is ‘iFax’, which not only had cloud storage access data embedded in the app, but also stored all fax transmissions there. With just a glance at the app, a cybercriminal could access each and every document sent by the 500,000 users who installed it.

The cybersecurity company has warned about the exposure of this type of information, which would allow users to receive attacks through the ‘push’ notifications of their mobile.

Following the discovery, Check Point Research contacted Google and each of the developers, prior to publishing this article. In fact, some have already changed their configuration, as indicated by the cybersecurity company.

Motorola Edge 30 Ultra: this is what a 200 MP camera looks like

The company unveiled three new devices in the Edge 30 family: Neo, Fusion and Ultra, which pay homage to color and 'natural' photography.

Review: Android 13, this is what Google's new operating system looks like

The version is now available for Pixel devices and is an update on some privacy, security and photography tools.

Beware: these 35 applications have malicious software and it is recommended to delete them

These malicious Android apps hide their identity on your phone or tablet.

#BREAKING: 13 Android 13 news

Both phones and tablets will have news thanks to the new Android 13 update.

What is the best-selling smartphone brand in Mexico? In 2022 these are the most...

After resisting for three years, Huawei fell from the top 3 in the domestic smartphone market. Instead Apple managed to move up one spot.