Bad news for 100 million Android users, please delete these apps immediately, otherwise there will be huge loss.
If you are an Android user then there is bad news for you because more than 2 dozen apps installed in almost 100 million (100 million) Android devices have leaked the data of users. Researchers at Check Point Research have released a list of these apps. Some of them are very popular and their installs are also very high. In such a situation, it is being said that hackers must have stolen personal information from Android devices in which these apps are installed. These devices include both smartphones and tablets. Personal data of millions of users linked to these Android apps is available on real time database.
In its report Check Point's research team has stated that some of these weak apps are specialized in astrology, fax, taxi services and screen recording. Researchers have pointed out at least three apps from this list. Including Astro Guru - a popular astrology, horoscope and palmistry app, T'Leva, a taxi-hailing app with over 50,000 downloads, and logo-designing app Logo Maker. Users' personal data is at risk due to deficiencies in these apps, which include email, password, name, date of birth, gender information, private chat, device location, user identifiers and other things.
An app that takes the information of the user has a real-time database which stores every data of the users. According to Check Point Research, "Real-time databases allow app developers to store data on the cloud and also ensure that it stays connected to all connected clients in real time." Many a times, some developers ignore the security of the database which leads to disturbances and this misconfiguration allows theft, service-swipe and ransomware attack on the entire database. Since this list contains a large number of very popular apps, there is a possibility of large-scale attack.
Every information can be obtained on just one request.
Storing data is one thing, but since all these apps are connected to real-time databases, such things increase the risk of exchange of chat messages and hacking. Researchers were able to extract their full name, phone number and location with the chat of the drivers and passengers of the T'Leva app. For this, they had to send only one request to the database. From this, it can be estimated how weak this app is in the matter of security. Apart from this, things were even worse with some apps as both their "read" and "write" permissions were on, allowing hackers to gain easy access. The report states, "This alone can compromise an entire application, not even considering the reputation of the developer, their user base or even their relationship with the hosting market
Delete apps quickly.
The drawbacks of these apps have given hackers access to the Push Notification Manager as well. Hackers can easily send notifications from developers to all users. In such a situation, if users get notifications through these apps, then they will not be able to guess that it was sent by a hacker and they will open it. In such a situation, hackers can share such links with the users, which can cause great harm to them. Checkpoint research has described several ways by which users' data can be stolen through these apps. In such a situation, it would be better for you to delete these apps quickly and download them again after these things are fixed
No comments:
Post a Comment