Tons of Android and iOS Applications are Leaking User’s Data

Google I/O is the great event for every developer out there. Every year the company unveils sweet features. Just like we have seen Google Duplex at this year’s Google I/O event. Note that developer community now has tons of new features available to use. Especially for the app developers, Google offers Firebase service which helps to build effective and high-quality applications.

Well, you can head over to the Google I/O event video where the company has announced new updates on their Firebase service. The developers indeed happy and they cheer when the service was mentioned at the event. On one side the service helps new developers to build their own mobile application. The thing only need is the partially learned codings. However, on another side, there is a disadvantage.

Join Our Telegram Channel for Quick Updates!

According to the latest report of security researchers at Appthority, there are more than 113GB of data available through the 2,200 Firebase databases. The data can be viewed by anyone who knows the right URL of the page. The researchers have scanned more than 2.7 million applications using Firebase services. Apparently, they found a massive number of personal record which hits the 100 million.

Normally, the data is stored inside the configured Firebase database which doesn’t allow anyone to read them. However, researchers found 28,500 applications which use the Firebase service to store users data and 3,046 from them have stored data inside the misconfigured Firebase database which can be easily accessible by anyone who knows the exact URL. In 2018, most of the developers who are not interested to make their own server to store users data, choose Google’s Firebase service to store data.

The leaked information includes the following:

  • 2.6 million plaintext passwords and user IDs
  • 4 million+ PHI (Protected Health Information) records
  • 25 million GPS records
  • 50 thousand financial including Bitcoin transactions
  • 4.5 million Facebook, LinkedIn, corporate data-store user tokens

It’s nothing worth to worry about. The information is still safe but the Appthority has informed Google to take their hands on this problem and solve it as fast as they can. Let us know what do you think about this.

Stay updated. Subscribe to our Newsletter.