100M Android Users Hit By Rampant Cloud Leaks

A number of cellular apps, some with 10 million downloads, have opened up private information of customers to the general public web – and most aren’t fastened.
                                            Greater than 100 million Android customers are in danger after 23 completely different cellular apps had been discovered to leak private information within the wake of rampant cloud misconfigurations.

That’s based on Examine Level Analysis, whose researchers discovered that emails, chat messages, location information, passwords, photographs, private information and extra had been all accessible to anybody with an web connection. Worryingly, after being contacted by the agency, solely “a number of” of the apps have modified their settings to make the knowledge non-public.

Researchers additionally discovered push-notification and cloud-storage keys embedded in a variety of Android functions, which put builders’ personal inner sources, corresponding to entry to replace mechanisms, storage and extra, in danger.

“Trendy cloud-based options have change into the brand new normal within the cellular software growth world,” researchers defined in a blog, posted Thursday. “Providers corresponding to cloud-based storage, real-time databases, notification administration, analytics and extra are merely a click on away from being built-in into functions. But, builders usually overlook the safety side of those companies, their configuration, and naturally, their content material.”

The depth of the info in danger throughout the apps is such {that a} vary of follow-on assaults may very well be attainable, from utilizing credentials towards different accounts to social engineering and fraud/id theft, researchers stated.

“This discovery underscores the significance of security-focused app testing and verification,” stated Chenxi Wang,

 » Read more from threatpost.com