New Delhi, 25th May 2021: There have been several incidents of data leaks in the last few days. It has now come to light that more than two dozen apps installed on 100 million Android devices have leaked users’ data.
Researchers at Checkpoint Research have released a list of these apps. It also includes some popular apps that were heavily downloaded. It is alleged that the hackers stole private information from the Android device. These devices include smartphones and tablets. The personal data of millions of users linked to these Android apps is available in a real-time database.
Checkpoint Research reports that some of these apps are related to astrology, fax, taxi services, and screen recording. These include the Astro Guru astrology app, T’Leva, the taxi-hailing app that has been downloaded more than 50,000 times, and the logo design app Logo Maker. Users’ private data is at risk due to errors in these apps. This includes information such as email, password, name, date of birth, gender information, private chat, device location, user identifiers.
The app collects user information and data. According to Checkpoint Richters, real-time databases allow app developers to store data in the cloud and ensure that it is connected to all connected clients in real-time. Often some developers neglect the security of the database. This causes problems and incorrect configuration allows for thieves, service swipes, and ransomware attacks on the entire database. Since this list includes a large number of popular apps, the chances of an attack are high.
Storing data is a different matter. However, since all these apps are connected to real-time databases, such things increase the risk of chat message exchange and hacking. Researchers were also able to easily find the full name, phone number, and location with T’Leva’s drivers and passengers’ chat. All they had to do was send a request to the database. This suggests that these apps are very weak in terms of security. In some apps, both ‘read’ and ‘write’ permissions were on. This gives hackers easy access. The report states, “This could lead to a compromise with the entire application. The reputation of the developer, their user base and their relationship with the hosting market is also not taken into consideration.”
Errors in these apps have also given hackers access to Push Notification Manager. Hackers can easily send notifications to all users like developers. As such, if users receive this notification through this app, they will not know that it has been sent by hackers and users will open it. Hackers can share such links with users, which will cause great harm to users.
Checkpoint Research has said a few things that will prevent user data from being stolen. So if you have these apps on your phone, delete them immediately and you can download them again after the bugs are fixed.