Millions of passwords, GPS locations, and financial records are sitting unprotected in plain sight — and yours could be one of them.
Researchers at Appthority, a mobile security firm, scanned both Android and iOS mobile apps that used Firebase databases to store their users’ data. For the uninitiated, Firebase is a popular cloud-based backend platform for mobile and web applications. The company was acquired by Google back in 2014, so it’s found a real user base among some of the top Android developers.
For their report, Appthority looked into more than 2.7 million mobile apps on both iOS and Android. Its researchers found that of the 27,227 Android apps and 1,275 iOS apps storing their app’s data in Firebase’s backend database systems, 3,046 of these apps saved data within 2,271 unsecured databases that literally anyone could access. Out of those apps storing this data openly for anyone to see, 2,446 are on Android and the remaining 600 are iOS applications.
So, what exactly is being stored in plain sight here for the world to see? Among all of these vulnerable applications, the leaked data includes: 2.6 million user IDs and passwords in plain text, 25 million stored GPS location records, 50 thousand in-app financial transaction records, and more than 4.5 million social media platform user tokens. Other data being leaked includes over 4 million PHI (Protected Health Information) records, which contain private chats and prescription records.
In total, over 100 million individual records spanning a total of over 113 gigabytes of data make up the accessible information involved in the breach. The affected Android apps were downloaded more than 620 million times from the Google Play store.
Just how easy is it for anyone to gain access to this personal data? According to the report, the vulnerable Firebase backends aren’t protected by firewalls or authentication systems. To gain entry to these unsecured databases, a “hacker” would simply have to tack on “/.json” with a blank database name to the end of the host name (for example, “https://appname.firebaseio.com/.json”).
Researchers point out that they contacted Google before releasing this report. They say they have also provided Google with a full list of the unsecured apps, along with reaching out to the app developers themselves. While the list of vulnerable apps has not been made public, it includes apps in categories ranging from messaging and finance to health and travel. The companies or creators behind these affected apps are located around the world.
This incident along with countless others continues to prove that there’s a lot left to be desired from companies who store our most private, personal data.
UPDATE: July 2, 2018, 1pm EDT A Google representative reached out to provide an update. In December 2017, Google sent emails to all insecure projects with directions on how to turn on security rules. Security rules have to be turned off by developers in order to allow public access to databases. Firebase secures databases by default.
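For developers who want to check their own project, the sketch below audits a Firebase Realtime Database rules file for unconditional public access, the misconfiguration the update describes. It is an added example, not code from the article, Appthority or Google; it assumes the rules have been exported as plain JSON without comments, and the function names and sample rules are constructed for illustration.

```python
import json

# Constructed sample rules files (not taken from any real app).
OPEN_RULES = """
{"rules": {".read": true, ".write": "true"}}
"""
SCOPED_RULES = """
{"rules": {
  "users": {"$uid": {".read": "$uid === auth.uid", ".write": "$uid === auth.uid"}},
  "public_posts": {".read": true, ".write": "auth != null"}
}}
"""

def _always_true(expr):
    """True if a rule is the literal true, in boolean or string form."""
    return expr is True or (isinstance(expr, str) and expr.strip() == "true")

def find_public_rules(rules_json):
    """Return sorted (path, rule) pairs where .read/.write is unconditionally true.

    Realtime Database rules cascade: access granted at a parent path cannot be
    revoked by a child, so every hit opens the whole subtree below that path.
    """
    findings = []

    def walk(node, path):
        for key, value in node.items():
            if key in (".read", ".write"):
                if _always_true(value):
                    findings.append((path or "/", key))
            elif isinstance(value, dict):
                walk(value, path + "/" + key)

    walk(json.loads(rules_json)["rules"], "")
    return sorted(findings)

def root_is_world_readable(rules_json):
    """The case in the article: the entire database answers unauthenticated reads."""
    return ("/", ".read") in find_public_rules(rules_json)

if __name__ == "__main__":
    for name, text in (("open", OPEN_RULES), ("scoped", SCOPED_RULES)):
        print(name, find_public_rules(text), root_is_world_readable(text))
```

A finding below the root, such as the constructed `public_posts` path, is not automatically a defect, but each one should be a deliberate decision about what unauthenticated clients may read or write.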