A vulnerability detected in 14 applications in the Google Play Store caused the leak of user data.
According to research, there are close to 5 million applications in the Google Play Store. But not all of them are perfect in terms of privacy and security. Google sets many rules for developers who want to upload their application to the market via the Play Console. It is known that it does not accept applications that do not comply with these rules, as well as those that contain security violations.
Apart from that, Google allows consumers to scan their devices thanks to the ‘Play Protect’ feature that it integrates directly into the Play Store. In addition to examining the applications on the smartphone in real time, you can remove the ones that are found to be unsafe. However, malicious Android apps somehow continue to exist in the Play Store.
Newly identified vulnerability puts your financial information at risk
Security researchers at CyberNews discovered vulnerabilities in 14 Android apps with a total installed number of 142.5 million. The information at stake includes financial records, usernames, email addresses, and name. According to the researchers’ statement, the vulnerability occurred due to misconfigurations on Google’s Firebase platform. In order to have a better understanding of the subject, we need to briefly understand what Firebase is.
Google Play Store home page
Firebase, which Google bought in 2014; An application creation platform that handles applications such as application management, cloud storage, notification forwarding on the server side. Thanks to Firebase, developers can store all kinds of data related to user login authorization, user credentials and applications in the cloud. One of the most popular real-time database solutions, the platform is used in almost every application.
CyberNews conducted a detailed analysis on more than 1,000 applications in the Google Play Store. It detected those who keep their data in Firebase’s database and do not have any security checks. As a result of the investigations, it was revealed that the real-time database of 14 applications was in danger. Due to misconfiguration on Firebase servers, the data of these apps could be accessed without requiring authentication.
iOS apps may also be affected
According to CyberNews, the vulnerability they detected is platform independent. Because Firebase is also used in some iOS applications. This brings with it the possibility that the problem is not limited to the Play Store and may also affect iPhone applications in the App Store.
Researchers said in a statement that they reported the vulnerability to Google on September 14, but did not receive a positive response. He added that currently at least more than 30.5 million users’ data is still at stake.