A vulnerability detected in 14 applications in the Google Play Store caused the leak of user data.
According to research, there are nearly 5 million applications in the Google Play Store. But not all of them are perfect in terms of privacy and security. google sets many rules for developers who want to upload their application to the market via the Play Console. It is known not to accept applications that do not comply with these rules, as well as applications that contain security violations.
Apart from that, google allows consumers to scan their devices thanks to the ‘Play Protect’ function integrated directly into the Play Store. In addition to viewing the applications on the smartphone in real time, you can delete the applications that are found to be unsafe. However, malicious Android apps somehow persist in the Play Store.
Newly identified vulnerability puts your financial information at risk
Security researchers at Cyber news discovered vulnerabilities in 14 Android apps with a total installed number of 142.5 million. The information at stake includes financial details, usernames, email addresses and name. According to the researchers’ statement, the vulnerability was created by misconfigurations on Google Firebase platform. To better understand the topic, we need to briefly understand what: firebase is.
Google Play Store Homepage
Firebase, that google bought in 2014; An application creation platform that handles applications such as application management, cloud storage, forwarding server side notifications. Firebase allows developers to store all kinds of data related to user login authorization, user credentials and applications in the cloud. One of the most popular real-time database solutions, the platform is used in almost every application.
Cyber news performed a detailed analysis of more than 1,000 applications in the Google Play Store. It detected those who keep their data in Firebase’s database and have no security checks. The investigation revealed that the real-time database of 14 applications was compromised. Due to a misconfiguration on Firebase servers, the data of these apps could be accessed without the need for authentication.
iOS apps can also be affected
According to CyberNews, the vulnerability they discovered is cross-platform. Because Firebase is also used in some iOS applications. This brings up the possibility that the problem is not limited to the Play Store and can also affect iPhone applications in the App Store.
Researchers said in a statement they reported the vulnerability to: google on September 14, but received no positive response. He added that there are currently at least 30.5 million user data at stake.