Date: 2021-09-30

30 applications, among the most downloaded in different categories of the Google Play Store, may have exposed the data of more than 1024 million users of the Android operating system. The exposure stems from a failure to follow security best practices on servers on the Firebase platform, which Google provides to accelerate software development for Android and other mobile platforms.

In total, the apps reviewed by Cybernews' security experts account for 142.5 million installs. The researchers worked from the most-downloaded lists of 30 categories available on the Play Store, analyzing more than 1.1 thousand applications available to users in the United States. They looked for apps that use Firebase and its servers, which can be used to store personal and usage data, and then for poorly configured settings that end up exposing that information to anyone who finds the correct access URL.

The result was described as worrisome. Two remote control apps, Universal TV Remote Control and Remote for Roku: Codematics, for example, are among those with the highest number of downloads, accumulating at least 55 million users, while the game Hybrid Warrior: Dungeon of the Overlord has a million. All were listed in Cybernews' report as exposing information.

The data varies according to the software category, but according to the experts, it involves e-mail addresses, names, dates of birth and phone numbers, as well as geolocation and usage telemetry. In one case, cited as the most worrisome, a horoscope application also left chats between users open, potentially opening the door to leaks of personal and sensitive information.

10 Android apps were exposing sensitive user data; of these, nine still have open databases, affecting more than 30 million people (Image: Reproduction/Cybernews)

Another situation that caught the attention of the specialists was Find My Kids: Child Cell Phone Location Tracker, which, as the name implies, stored children's location and smartphone usage statistics on a server that was left open for an undisclosed period of time. The loophole, however, has already been closed in this and the other apps mentioned by name.

On the other hand, nine of the 10 evaluated did not respond to the researchers' contacts or take action on the exposures, with information about 10 million people still open on Firebase servers. For that reason, Cybernews did not reveal the complete list of vulnerable software.

The experts also brought the issue to Google's attention, but the company, which owns Firebase, has not taken action on the unprotected servers or responded to the initial contact, made in 55 September. However, they place the responsibility directly on the developers, who are the direct administrators of the vulnerable servers.

For developers, the recommendation is to follow the security best practices officially published by Firebase and, if they are dealing with especially sensitive data, to add further protection routines. This should be a priority for organizations, which may weigh the friction caused to the user but should always treat data confidentiality as the most important point of the strategy.
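
One way to act on this recommendation, as an added example that is not from the article or from Cybernews: a Python check that walks a Firebase Realtime Database rules file and flags paths readable or writable without authentication. It assumes the Realtime Database rules format (`.read` / `.write` keys); both rulesets are constructed samples, and the `auth` substring test is a heuristic that marks rules for review.

```python
import json

# Constructed sample: the wide-open configuration (anyone with the URL can read and write).
WEAK_RULES = json.loads('{"rules": {".read": true, ".write": true}}')

# Constructed sample: access tied to the signed-in user.
HARDENED_RULES = json.loads("""
{"rules": {
  "users": {"$uid": {".read":  "auth != null && auth.uid === $uid",
                     ".write": "auth != null && auth.uid === $uid"}},
  "chats": {"$room": {".read": "auth != null", ".write": "auth != null"}}
}}
""")

def is_public(expr):
    """True when a rule grants access without checking the caller's identity.

    Heuristic (assumption of this example): an expression that never mentions
    `auth` cannot depend on who is asking, so it is flagged for review.
    """
    if isinstance(expr, bool):
        return expr
    text = str(expr).strip()
    if text == "false":
        return False
    return "auth" not in text

def audit(node, path=""):
    """Return (path, operation) pairs that unauthenticated clients can use.

    Realtime Database grants cascade: access given at a parent path cannot be
    revoked deeper in the tree, so a finding at "/" covers the whole database.
    """
    findings = []
    for op in (".read", ".write"):
        if op in node and is_public(node[op]):
            findings.append((path or "/", op))
    for key, child in node.items():
        if isinstance(child, dict):  # nested path segment, not a rule value
            findings.extend(audit(child, f"{path}/{key}"))
    return findings

if __name__ == "__main__":
    for name, doc in (("weak", WEAK_RULES), ("hardened", HARDENED_RULES)):
        print(name, audit(doc["rules"]) or "no public access found")
```
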

Source: Cybernews