Popular Android apps are leaking user data online

Most of the apps continue to leak details despite a heads-up by researchers

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Over a dozen topAndroidapps listed on theGoogle Play Storewere found to be leaking user data, according to acybersecurityinvestigation.

Analyzing the configuration of popular Android apps, security researchers atCyberNewsfound that 14 top Android apps with over 140 million collective installs are leaking sensitive user data due to improper access controls on their Firebase real-time database.

“Mobile app developersuse Firebase real-time databases to store user records, financial information, and other kinds of sensitive data. Unfortunately, real-time databases are often managed by developers with no security training, which makes them an easy target for malicious actors,” notes CyberNews.

We’re looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won’t take more than 60 seconds of your time, and we’d hugely appreciate if you’d share your experiences with us.

Click here to start the survey in a new window«

According to the researchers, the misconfiguration enabled them to access the real-time databases and the information it houses about the users without being prompted for any kind of authentication.

Fire in the hole

CyberNews claims to have reached out to the developers of all fourteen apps, five of which have since secured access to their Firebase databases. However, since a majority of the developers didn’t respond to the researchers, CyberNews reached out toGoogleto solicit their help in getting the developers to fortify their databases.

“Unfortunately, Google has ignored our queries, and we have not heard from them since,” claims CyberNews, adding that the nine unsecured apps continue to leak data of their combined user base of over 30 million individuals.

“If you’re an app developer, always make sure to follow the official Firebase real-time database security guidelines provided by Google,” suggests CyberNews researcher Martynas Vareikis.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’sTechRadar Pro’sexpert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.

Phishing attacks surge in 2024 as cybercriminals adopt AI tools and multi-channel tactics

This new phishing strategy utilizes GitHub comments to distribute malware

Smeg Combi Steam Oven review: a multi-functional countertop oven that looks stunning and cooks well