Leaking sensitive data across thousands of Mobile Apps

Source: gate Arab news technical

التطبيقات المحمولة

Of thousands of Mobile Apps leak many sensitive data, including personal health information, passwords, plain text and financial transactions, according to a new report issued this week by the security company Appthority, the complexity of this problem to a rules-based data the cloud is not local, where the cast report in the application developers who have failed to apply validation rules correctly within Google’s database Firebase, making users ‘ data is safe.

The database Firebase as a platform for web applications and mobile devices was acquired by Google in 2014, where it aims to make the process of application development easier through the implementation of many of the workloads of the software instead of programmers.

The researchers examined more than 2.7 million apps on both operating systems Android and iOS, and discover leadership 27227 Android application and 1275 application to iOS Store app data in systems, databases, Firebase, where stores 3046 application of this apps data within the 2271 database is not secure anyone can access it literally, there are 2486 of the apps from the mobile OS Android and more than 600 dedicated application for iOS know users ‘ personal data at risk.

And save Application Data in databases Firebase that was configured wrong, where the problem lies in the failure of the developers in the authentication database Google Firebase cloud correctly, and includes examples of the leaked data, which enables the company Appthority to access, and sensitive information is essential, such as financial data, medical records staff, passwords, plain text is used in more than 150 company website, data entry, cloud infrastructure and keys to access speed to servers Amazon cloud and more than 40 server address with the Password text to the user base.

According to the police, there is an enormous amount of the leaked data size of up to about 113 GB, where there are nearly 4 million data file and the health protected, including details of the prescriptions and talks, and 25 million a geographic location recorded by Global Positioning System GPS and 50 thousand financial record, including banking transactions and open, and 4.5 million token users of social media and the 2.6 million user ID and password stored in plain text.

These include confidential data in the case they reach the wrong hands a serious threat to businesses and consumers alike, where they can be used to penetrate the networks or identity theft of personal or corporate information needs.

Said Seth Hardy Seth Hardy, Director of research for security within the company Appthority: “this failure on the part of developers in securing their databases within the Google Firebase correctly is twice as big and decisive may expose huge amounts of sensitive data at risk, and shows the large number of applications, non-domestic and the variety of the leaked data that the institutions cannot rely on the developers of mobile applications or inspections that take place through app stores or simple checks for malware in order to address data security”.

Provide Google detailed documentation about using Firebase in real time and the rules of safe cloud storage, in addition to the security rules database documents Firestore for developers of mobile applications who use the platform to Google Cloud.

Link to it from the source: leaking sensitive data across thousands of Mobile Apps

Leave a Reply

Your email address will not be published. Required fields are marked *