100 Million+ Android Users’ Data Leak Owing To Weak Configurations

Security operatives reveal that personal data exposure from over 100 million Android users could be traced to popular apps on the Google Play Store

May 27, 2021, 6:10 p.m.

TL;DR

Check Point Research, along with major security researchers, concluded that cloud misconfigurations were the major reasons leading to the exposure of over 100 million android users' data.

Over 100 million Android users’ data have been exposed.

Key Facts

1
A majority of these apps had unprotected real-time customer databases, exposing personal user information.
2
Some Google Playstore apps that infamously made the Check Point Research list include Astro Guru, Logo Maker, and Screen Recorder.
3
Over 11 data categories for apps with over 10 million downloads have experienced data breaches.

Details

Security researchers have revealed that over 100 million Android users could be prone to identity thefts, service swipes, and any other complications that unintentional exposure of their data could bring to them. Check Point Research, leading the charge, maintained that serious cloud misconfigurations of third-party Android applications and services by developers are major factors of this negligence.

Astro Guru data breach with user location, email and personal data. (image courtesy: https://research.checkpoint.com)

The firm highlighted in a recently published report how the mismanagement of ethical operations like real-time databases, notification managers, and storage of personal login data like emails, passwords, names, personalized usernames, chat messages and location information, etc. left individual and corporate data in the hands of malicious actors.

This is a bomb waiting to explode and an addition to the list of headaches for cybersecurity experts and more content for cloud news reporters. The year 2021 might witness the worst spate of cybersecurity the world has seen. This is still the first quarter. The world is at an all-time high ransomware spate, dependency confusion string, and Cloudflare analytics report of breaking its standard hurdle and nursing unethical developers that forgot to read the best practices memo. Over 100 million Android users’ data have been exposed. Cleaning this mess up might take a while, and it is more severe than a new publication could express.

The report contained 23 popular apps with open real-time databases. A real-time database provides developers with the ability to make sure data stored in the cloud is in synchrony with real-time for every related user. A real-time database is why a Facebook user does not have to update their age with every passing year. This software holds sensitive information like private chats, email addresses, passwords, device location, user identifiers, group info, etc. To the surprise of the research team at Check Point Research, they had a relatively good time accessing these data, with no obstacles in place to deter their entry. Many users have a specific email and password, meaning they could use the same combination as they did on Astro Guru, Logo Maker, Screen Recorder, and other Android apps that made this infamous list on mailing websites and banking and financial apps, and other services.

Each of these apps boasts over 10 million Google Play Store downloads; Screen Recorder has been rated by hundreds of thousands of Android users. Check Point research declared a total of 23 apps that have over 10 million installation stats, and three having over 500,000 users.