Google Play Store

Google Play Store: 14 apps on Google Play Store leaked users’ data, Beware!

# Headlines

Millions of apps are available for free or a small price on the Google Play Store, allowing Android smartphone users to get the most out of their handsets. However, these Android apps can sometimes pose significant issues for users by leaking sensitive information online. Unlike a virus, these apps are misconfigured, which means the developers can fix them. However, until they do, consumers may experience significant negative consequences from utilizing these apps.

According to a report, 14 Android apps from the Google Play Store have been leaking user data due to a Firebase misconfiguration, resulting in sensitive information published online. Google provides the Firebase platform so that developers can quickly add a variety of features to their projects. According to the research, these apps were top-rated, with over 140 million downloads.

The researchers looked at 1,100 of the most popular apps on the Play Store, spanning 55 categories. Decompiling and scanning each app for remnants of its default Firebase address yielded these results. “If the address was identified, we tried to access it using Google’s REST API to check for database permission misconfigurations. The “Shallow = True” parameter was used in all database requests. “We were able to see the names of the tables housed in the databases without having to access any data,” according to the report.

According to the research, data of users could be disclosed as a result of the apps’ improper Firebase configuration, including usernames for accounts, email addresses, and even a user’s true identity. The study also claims that anyone with the URL can access these databases without requiring authentication, which simply guessing the URL might be accomplished. According to the survey, Google did not reply to attempts to contact them, therefore keeping these apps installed could mean that data is still being exposed.

Also according to reports, if you have the Universal TV Remote Control, which has been downloaded by over 100 million people, you should be warned that your personal information could be leaked. According to the investigation, the Find My Kids: Child GPS watch app & Phone Tracker has over 10 million downloads but has also been harmed by misconfiguration. Users should also be advised that the security hole appears to have affected Hybrid Warrior: Dungeon of the Overlord and Remote for Roku: Codematics, among other programs.