This Popular Android App Compromises User Data

List of Popular Android Apps, and endanger your personal data

A list of Popular Apps That Are Dangerous and harmful to your personal data is summarized and carefully reviewed by Check Point Research.

According to a report by Check Point Research, many popular Android apps are putting your personal data at risk due to insecure third-party services.

The report highlights several security flaws affecting the 23 apps available on Google Play, each with 50,000 to 10 million downloads.

Most malicious applications violate collecting and storing user information, developer data, and internal enterprise resources using unsecured real-time databases and cloud storage services.

Security researchers found insecure cloud databases from 13 apps, meaning outside actors could also access them.

Other apps have configured push notification managers incorrectly, which hackers can use to intercept and modify seemingly legitimate notifications from developers,

Spread it with malware, phishing links, or misleading content and compromise personal data.

The vulnerability puts at least 100 million Android users at risk of harm such as fraud, identity theft, and malware attacks.

Check Point Research found one or more flaws in 23 apps, 13 of which have openly accessible real-time databases.

However, the report only mentions five of these apps by name:

Astro Teacher: Horoscope app with over 10 million downloads. It stores each user's full name, date of birth, gender, GPS location, email address, and payment information.

iFax: A fax app that stores all documents sent by its 500,000-plus users in an accessible cloud database—with a cloud storage key embedded in the app.

Logo Maker: Graphic design application with over 170,000 users. Check Point found that all users' full names, account IDs, emails, and passwords were accessible.

Screen Recorder: The app has over 10 million downloads. The report revealed it stored account passwords on the same cloud service that stored records the app made, making it vulnerable.

T'Leva: A taxi-calling app from Angola with more than 50,000 downloads, this one leaves text history between driver and rider, location data, full name, and phone number accessible.

Check Point said it notified app creators, but only Astro Guru responded, and all apps are still available on Google Play.

What should Android users do to keep their data safe?

The first step is to stop using the app mentioned in the Check Point Research report—but since only five are mentioned,

That means there are at least 18 other people out there who store your data without proper protection.

And that's what we know from the Check Point report—there's likely to be far more apps, websites, and services with misconfigured databases that we'll never know about until after a leak.

While Check Point Research reports and others like it can alert developers to unsafe data storage practices, it's ultimately up to developers to fix the problem.

However, users can take precautions to keep personal information and other important data secure, no matter what application they use:

Use two-factor authentication (2FA) whenever possible.
Withhold personal information from your account (don't add your home address if the service doesn't need it, for example), or use fake info whenever possible.

Create a unique password for each account and use an encrypted password manager.
Don't link third-party accounts like Google, Facebook, and Twitter if you can avoid them.
Keep application permissions to a minimum.

Use services that notify you of violations and compromised accounts.

This extra step won't stop the breach, but it can reduce the risk of identity theft, fraud, and other scams.

We also have guidelines for preventing and responding to malicious data breaches, ransomware attacks, malware malware, and identity theft, and how to find common phishing tactics and other online scams.

You might also like