User data in 19,300 apps is at risk
To be more accurate, Avast has found over 19,300 Android apps are exposing user data to the public because of a misconfiguration of the Firebase database. In case you’re wondering what that is, it’s a tool Android developers can use to store user data. Needless to say, this issue has been found in a broad range of applications. Apps from lifestyle, workout, gaming, email, food delivery, and many other categories. Those apps are also available in several different regions, including Europe, South-East Asia, and Latin America. The exposed data includes personally identifiable information (PII), which ends up being collected by apps. That data includes names, addresses, location data, and even passwords in some cases. Avast says that it notified Google of this flaw, so that the company can take the necessary steps to protect Android users. Google hopefully notified developers thus far, or took action on its own.
Avast researchers check out 180,300 publicly available Firebase instances
Avast researchers looked at 180,300 publicly available Firebase instances, and found that over 10-percent of them (19,300) were open. Therefore, they were exposing data to unauthenticated developers. Needless to say, this puts all that data at risk of theft. If developers are not careful enough, such data can include plain text passwords, and that’s extremely bad practice. Avast did not say whether Google patched things up, or notified developers to change their practices. The company also did not list all the apps that are affected by this, there are so many of them. This security threat is a bit different than most others we’ve seen lately. None of these apps contain malware, but they do expose user data, which is arguably just as bad.