Ask any devices or smart home question in the Devices/Security or Network Troubleshooting Categories.
4,000 Android Apps Expose Millions Of Passwords, Phone Numbers And Messages
Acquired by Google in 2014, Firebase is a mobile platform that helps users to develop apps quickly and securely. Think of it as the app production platform of choice for vast numbers of developers, taking advantage of the cloud-hosted real-time database that enables easy storage and syncing of data between users. It makes cross-platform collaboration a breeze, brings serverless app development to the masses, and is strong on user-based security.
If that is, developers configure everything securely in the first place. New research from Comparitech suggests that common misconfigurations of Google Firebase databases are exposing sensitive information, including passwords, telephone numbers, and chat messages, to anyone who wants to look. Here's what you need to know.
The Android app configuration error problem, by the numbers
A Comparitech security research team led by Bob Diachenko analyzed a sample of 515,735 Android apps from the Google Play store. Of these, 155,066 were using Firebase. I spoke to Diachenko, who confirmed that from the sample that was using Firebase, some 11,730 of those apps were exposing that Firebase database publicly.
-Warden Anastasia Luccio, Captain