According to a Check Point Research report, many popular Android apps put your personal data at risk due to poorly secured third-party services.
The report highlights various security vulnerabilities affecting 23 different apps available on Google Play, each with 50,000 to 10 million downloads. Most of the affected apps collect and store user information, developer data, and internal company resources using unsecured real-time databases and cloud storage services. The security researchers were able to find the unsecured cloud databases of 13 apps, which means external actors can access them as well.
Other apps have misconfigured push notification managers that allow hackers to intercept and modify seemingly legitimate notifications from developers to include malware, phishing links, or misleading content.
These vulnerabilities put at least 100 million Android users at risk of fraud, identity theft, and malware attacks.
Which Android apps are putting your data at risk?
Check Point Research said it found one or more of these bugs in 23 apps, 13 of which had open real-time databases. However, the report names only five of these apps:
- Astro Guru: A horoscope app with over 10 million downloads. It stores every user’s full name, date of birth, gender, GPS location, email address, and payment information.
- iFax: A mobile fax app that stores all documents sent by more than 500,000 users in an accessible cloud database – with the cloud storage keys embedded in the app.
- Logo Maker: A graphic design app with over 170,000 users. Check Point determined that the full names, account IDs, emails, and passwords of all users are accessible.
- Screen recorder: This app has more than 10 million downloads. The report found that account passwords are stored in the same cloud service that stores the recordings made by the app, making them vulnerable.
- T’Leva: This taxi app from Angola with more than 50,000 downloads makes the text history between drivers and drivers, location data, full names and phone numbers accessible.
Check Point notified the app creators, but only Astro Guru responded, and all apps are still available on Google Play.
What should Android users do to keep their data safe?
The first step is to stop using the apps mentioned in Check Point Research’s report. However, since only five are named, it means that at least 18 others are storing your data without the proper security precautions.
And that’s just what we know from the Check Point report – there are likely far more apps, websites, and services with misconfigured databases that we won’t find out about until after a leak.
While the Check Point Research report and similar reports may alert developers to unsafe data storage practices, it is ultimately up to the developers to correct the problem. However, no matter which apps they are using, users can take preventative measures to protect their personal information and other important data:
- Use two-factor authentication (2FA) whenever possible.
- Withhold personal information from your accounts (for example, don’t add your home address if a service doesn’t need it) or use fake information whenever possible.
- Create unique passwords for each account and use an encrypted password manager.
- Don’t link third party accounts like Google, Facebook, and Twitter if you can avoid it.
- Keep app permissions to the bare minimum.
- Use services that notify you of breaches and compromised accounts.
These extra steps won’t stop a breach, but they can reduce your risk of identity theft, fraud, and other scams. We also have guides on preventing and responding to data breaches, ransomware attacks, malware, and identity theft, and on how to recognize common phishing tactics and other online scams.