Many popular Android applications, according to Check Point Research, put your personal data at danger owing to inadequately protected third-party services.
The research details a number of security problems affecting 23 distinct Google Play apps, each with a download count ranging from 50,000 to 10 million. The majority of the infringing apps employ unprotected real-time databases and cloud storage services to capture and store user information, developer data, and internal corporate resources.
The security experts were able to locate the unprotected cloud databases from 13 apps, implying that they are also accessible to external actors.
Other applications have misconfigured push notification systems, allowing hackers to intercept and change ostensibly genuine developer alerts, seeding them with malware, phishing links, or deceptive material.
At least 100 million Android users are vulnerable to fraud, identity theft, and malware assaults as a result of these flaws.
What Android applications put your data in jeopardy?
According to Check Point Research, one or more of these issues were discovered in 23 apps, 13 of which had publicly available real-time databases. The study, however, only mentions five of these applications by name:
- Astro Guru: Over 10 million people have downloaded this horoscope app. It saves the entire name, date of birth, gender, GPS position, email address, and payment details of each user.
- iFax: A mobile faxing app that saves all documents transferred by its 500,000+ users in a cloud database that is accessible via the app’s cloud storage keys.
- Logo Maker: Over 170,000 people have downloaded this graphic design software. All users’ complete names, account IDs, emails, and passwords are available, according to Check Point.
- Screen Recorder: More than ten million people have downloaded this app. Account credentials are saved on the same cloud service that keeps the recordings made by the app, according to the study, making them susceptible.
- T’Leva: With over 50,000 downloads, this taxi-hailing software from Angola makes text history between drivers and riders, location data, full identities, and phone numbers available.
What should Android users do to protect their personal information?
The first step is to cease using the applications included in Check Point Research’s report—but because only five are mentioned, that implies there are at least 18 more out there holding your data without sufficient protection.
Users may take the following precautions to keep their personal information and other sensitive data safe, regardless of which applications they use:
- When feasible, use two-factor authentication (2FA).
- Withhold personal information from your accounts (don’t enter your home address if a service doesn’t require it, for example) or make up information wherever feasible.
- Use an encrypted password manager and create unique passwords for each account.
- If at all possible, avoid linking third-party accounts like Google, Facebook, and Twitter.
- Keep the number of permissions granted to an app to a bare minimum.
- Use services that alert you to security breaches and accounts that have been hacked.