Multiple Android applications leaked crucial information of more than 100 million users due to poor configuration, probable making them an advantageous target of malicious character.

“More than millions of of user’s sensitive data was exposed just because of not following best-practices when configuring and combining third-party cloud based services,” said today by Check Point researchers in an analysis published and shared with The Experts.

“In few cases, this type of maltreatment not only disturb the users, but also the developers were also left vulnerable. More on this poor configuration put user’s sensitive data and developer’s private resources, like access to update system, storage, etc. at high risk.”

What are the Results?

The results come from a study of all the 23 android application available in the Google Play Store, some of them which have downloads ranging of about 10,000 to 10 million, some of them are Astro, Guru, iFax, Logo Maker, T’Leva, Screen Recorder.

From the CheckPoints, the concern stems from the poor configuration of real-time databases, cloud storage keys and push notifications, phone numbers, browser histories, passwords, location, and photos.

Researchers said that if the database is not secure by authentic barriers then they were able to access user’s data of the Angolan taxi app T’Leva, which includes communication by exchanging messages between driver and passengers as well as rider’s full names, phone numbers, and pick-up locations.

“App developers embedded keys are required for sending push notifications and accessing cloud storage services directly into the apps.” The Researchers found this. This makes it easier for attackers to send a duplicate notification to all the users as the developers, but could not only make it overburdened even to straight unsuspecting users to a phishing page, which becomes an accessing point for more refined threats.

Installing cloud storage entry keys into the apps, Furthermore, opens the door to another adversary where an attacker could grip of all the data which is available in the cloud – Performance which was detected in two apps, iFax, and Screen Recorder, which gives the ability to the researchers to access faxed documents and screen recordings.

Which Applications are Vulnerable?

Only some apps change their arrangements in return for answerable disclosure, suggest users of the other apps continue to persist susceptible to probable threats like scams and identify theft, not to mention advantages but to steal the credentials and gain access to other accounts fraudulently.

Aviran Hazum said that “Conclusively, sufferer become vulnerable to various miscellaneous aims, such as identify theft, phishing, services swipes, impersonations, etc.” Check Point’s manager of mobile research, compute the study “Take off light on distressing reality where app developers resides not only their data but also their user’s data at high risk.”