Moneycontrol PRO
LAMF
LAMF

Mobile app developers misconfigure third-party services, leaving personal data of over 100 million users exposed

Many mobile app developers were lazy in implementing authentication in how they handle data transfer to the cloud.
May 25, 2021 / 15:33 IST
The thirteen popular applications that Checkpoint tested have more than 10 million downloads and yet their standards for securing user data were pathetic.

A report by Checkpoint research throws light on just how lazy many mobile app developers are. The cybersecurity research team tested a variety of Google Play apps and found that most of them had such lax authentication when it came to transfer of user data that they had potentially exposed personal data of more than a 100 million Android users.

This data included email addresses, chat messages, location history, passwords and even photos. The thirteen popular applications that Checkpoint tested have more than 10 million downloads and yet their standards for securing user data were pathetic.

The problem lies in how easy it is to link cloud-based services to mobile applications. These can include real-time databases, notification management services, analytics and more. Yet, many of these popular developer's simply inject the services into the app and forget about security measures.

Many of these companies do not follow the best practices for securing user data and leave them exposed and at the mercy of threat actors, who can use them for nefarious means.

In the report, Checkpoint says that, "This misconfiguration of real-time databases is not new, and continues to be widely common, affecting millions of users."

"All CPR researchers had to do was attempt to access the data. There was nothing in place to stop the unauthorised access from happening," Checkpoint added.

Invite your friends and family to sign up for MC Tech 3, our daily newsletter that breaks down the biggest tech and startup stories of the day

Moneycontrol News

Discover the latest Business News, Sensex, and Nifty updates. Obtain Personal Finance insights, tax queries, and expert opinions on Moneycontrol or download the Moneycontrol App to stay updated!

Subscribe to Tech Newsletters

  • On Saturdays

    Find the best of Al News in one place, specially curated for you every weekend.

  • Daily-Weekdays

    Stay on top of the latest tech trends and biggest startup news.

Advisory Alert:

It has come to our attention that certain individuals are representing themselves as affiliates of Moneycontrol and soliciting funds on the false promise of assured returns on their investments. We wish to reiterate that Moneycontrol does not solicit funds from investors and neither does it promise any assured returns. In case you are approached by anyone making such claims, please write to us at grievanceofficer@nw18.com or call on 02268882347