Leak-sensitive data on thousands of mobile applications



[ad_1]

According to a new report released this week by Appthority, thousands of mobile apps are fleeing many sensitive data, including personal health information, regular text messages and financial transactions. When the report blames app developers who have not correctly applied the authentication rules in the Google Firebase database, which renders the user data insecure.

The Firebase database is a platform for Web applications and mobile devices acquired by Google in 2014, which aims to facilitate the development of applications by implementing many software loads rather than programmers.

The researchers examined more than 2.7 million applications on the Android operating system and on OSOS, discovered 27227 Android apps and 1275 iOS apps store application data in Firebase databases, storing 3046 applications from these applications. 2271 An unsecured database can be accessed literally by anyone, there are 2486 Android mobile operating system applications and more than 600 dedicated iOS apps that expose the personal data of users at risk.

Application data is stored in badly configured Firebase databases The problem is that developers are failing to properly authenticate the Google Firebase cloud database Examples of disclosed data that Appthority has access to are: sensitive information such as financial statements, employee medical records, passwords used by more than 150 companies, access to the cloud infrastructure, secret access keys to Amazon cloud servers and more than 40 server addresses with passwords. According to the company, there is a huge amount of data leaked up to about 113 gigabytes (GB), with nearly 4 million protected health data files, including prescription details and private conversations, 25 million geographically registered GPS sites, 50,000 financial records, including banking transactions, payments and biotechnologies, 4.5 million social network user profiles and 2.6 million identifiers and passwords stored in plain text.

These confidential data, if they fall into the wrong hands, pose a serious threat to businesses and consumers, where they can be used to penetrate networks or steal personal identities or monopoly business information. Seth Hardy, head of security research at Appthority, said, "This failure of developers to properly secure their databases in Google Firebase is a major and critical vulnerability that could expose huge amounts of sensitive data to the database. risk and a large number of non-applications. And the variety of data disclosed that companies can not rely on mobile application developers, application store analytics or simple malware testing to manage data security. "

Google provides detailed documentation on Firebase real-time use and security rules for cloud storage, as well as security rules for the FireStore database for application developers." mobile using the cloud platform.You have a question about this news: Leakage of sensitive data through thousands of mobile applications Please let us know or leave a comment below
Source: Arab Gate

[ad_2]
Source link