Private Data From 100 Million Android Users At Risk Due To Cloud Leak

Cyber threat intelligence company Check Point Research (hereafter CPR) recently discovered that many application developers put user data at risk by not following best practices when “configuring and integrating 3rd party cloud services into applications.” This vulnerable data could include both the developers’ as well as the consumers’ information, which is quite the incentive to not have this happen.
After making this alarming discovery, CPR dug into how over 100 million user’s personal data like emails, passwords, names, and more were left exposed to malicious actors. As it turns out, it is as simple as not enabling proper authentication techniques for a real-time database for storing data in the cloud. The CPR researchers could access databases containing emails, passwords, usernames, birth dates, chat messages and much more, all of which makes for a privacy nightmare.
This was accomplished by scraping private cloud storage access keys from application files and then easily accessing databases. These keys could exist in cleartext, encoded in Base64, or other methods which are not foolproof nor even safe. It was even found that malware-laden apps had these issues, meaning the researchers could go in and modify all data that existed in the cloud storage for said apps.

While there is no amazing way to detect these sorts of vulnerabilities outright, CPR suggests using its “Check Point Harmony Mobile” app, which “automatically scans and identifies mobile security threats and vulnerabilities.” Moreover, users need to be cautious of apps that they download, only using ones from reputable sources and brand names.  At the end of the day, there are better ways to find your horoscope than downloading a random app and plugging in personal information. Otherwise, we can tell you your horoscope instead: “You are vulnerable to data theft, and you should be more alert.”