4,000 Android Apps Expose Millions Of Passwords, Phone Numbers And Messages

kltaylor Moderator, Beta Tester Posts: 1,188

Acquired by Google in 2014, Firebase is a mobile platform that helps users to develop apps quickly and securely. Think of it as the app production platform of choice for vast numbers of developers, taking advantage of the cloud-hosted real-time database that enables easy storage and syncing of data between users. It makes cross-platform collaboration a breeze, brings serverless app development to the masses, and is strong on user-based security.

If, that is, developers configure everything securely in the first place. New research from Comparitech suggests that common misconfigurations of Google Firebase databases are exposing sensitive information, including passwords, telephone numbers, and chat messages, to anyone who wants to look. Here's what you need to know.

The Android app configuration error problem, by the numbers

A Comparitech security research team led by Bob Diachenko analyzed a sample of 515,735 Android apps from the Google Play store. Of these, 155,066 were using Firebase. I spoke to Diachenko, who confirmed that from the sample that was using Firebase, some 11,730 of those apps were exposing that Firebase database publicly.


To read the entire article please click on the Source link above.
"There's a fine line between audacity and idiocy."
-Warden Anastasia Luccio, Captain
Robin

Comments

  • W_T_F On Earth Member Posts: 29

    Ok. I must have missed something. Is there anything we can do about this? Like which apps are affected, etc? I'm now freaking out. I have no internet connection as of today and I'm using mobile data. I'm about to shut everything down. My landlord called Cox today and they said it's down but I can't find that info anywhere.

    What's a non tech person to do?

    Thanks for any suggestions!

  • Ciaran Administrator Posts: 820
    Thanks @kltaylor. To @Grammie_SueXs3's point, would anybody have any suggestions on what 'Joe/Joanne Public' can do to protect themselves, devices and network in light of this information?
    Ciaran (Admin at Fing)
    Getting Started? Please refer to Community guidelines & Community User Guides ("Helping Hand"). HAPPY POSTING!!!
  • kltaylor Moderator, Beta Tester Posts: 1,188
    Very good question, everyone.
    The issue that they are talking about happens to use a 'backbone' database known as Firebase, which most Android (not exclusive) developers use to create apps for the market.
    With the number of potential apps that are affected by this, there isn't a likely list to browse and cross-reference what you have installed on your devices.
    Best practice for this issue would be to be conscious of the applications that you download and use, and to ensure that those apps are always up to date as Google continues to work on the issue.
    It's also a good idea to ensure that the passwords that you use on your mobile device do not reflect those that you use in high-security places, like bank accounts, etc.
    Try to get into the habit of changing passwords every 60-90 days on your mobile device, use two-factor authentication where you can, and only have the needed applications; try not to browse and try too many apps at once. If you download an app, please be extra aware of the permissions that it requests to have access to, and always ... always question if it really 'needs' it.
  • W_T_F On Earth Member Posts: 29

    @kltaylor thanks for the great advice! I was just nagging my old man to change all of his passwords! He tends to use simple ones and it drives me nuts!

  • kltaylor Moderator, Beta Tester Posts: 1,188
    You're very welcome, @Grammie_SueXs3!
    Yes, changing passwords to try to stay ahead of the 'players' is an arduous task, but it's a good habit to get into. Using a password manager also helps, so that you can retain the use of one password and let the manager handle the rest.
  • W_T_F On Earth Member Posts: 29

    @kltaylor great advice! Would you happen to be fond of any of the available password managers out in app-land? I would be forever grateful for any recommendations!

    Thanks in advance!

  • kltaylor Moderator, Beta Tester Posts: 1,188
    Sure!
    There are plenty out there; doing a quick Google search can provide you with several to look at, try, and decide which has the best features that you feel warrant a subscription (if they have that tier).
    Some of the more popular and user-friendly ones typically maintain a 'Free' tier that you should be able to use. I'd recommend one that is cross-platform, meaning that you can use it on your mobile devices as well as your browsers on your desktop/laptop at home. One such application that immediately comes to mind is LastPass. It has a large user base, and has the free tier so you can start using it to help with password management.
    For a completely free app, one that I had used previously is called Bitwarden. I used it before I ultimately opted to use a different application, but any of those examples, depending on your needs and wants from a password manager, is going to be best for you.
  • W_T_F On Earth Member Posts: 29

    @kltaylor Oh thank you so much! You're a doll for helping to steer an old lady, short on tech skills, in the right direction!

    I'm off to secure my devices! Lol

    Take care!
