A report by Checkpoint research throws light on just how lazy many mobile app developers are. The cybersecurity research team tested a variety of Google Play apps and found that most of them had such lax authentication when it came to transfer of user data that they had potentially exposed personal data of more than a 100 million Android users.
This data included email addresses, chat messages, location history, passwords and even photos. The thirteen popular applications that Checkpoint tested have more than 10 million downloads and yet their standards for securing user data were pathetic.
The problem lies in how easy it is to link cloud-based services to mobile applications. These can include real-time databases, notification management services, analytics and more. Yet, many of these popular developer's simply inject the services into the app and forget about security measures.
Many of these companies do not follow the best practices for securing user data and leave them exposed and at the mercy of threat actors, who can use them for nefarious means.
In the report, Checkpoint says that, "This misconfiguration of real-time databases is not new, and continues to be widely common, affecting millions of users."
"All CPR researchers had to do was attempt to access the data. There was nothing in place to stop the unauthorised access from happening," Checkpoint added.
Discover the latest Business News, Sensex, and Nifty updates. Obtain Personal Finance insights, tax queries, and expert opinions on Moneycontrol or download the Moneycontrol App to stay updated!
Find the best of Al News in one place, specially curated for you every weekend.
Stay on top of the latest tech trends and biggest startup news.
