Alert: Remove these vulnerable Android apps right now

Everyday there is a new threat that is detected by cyber researchers. Recently as many as 100 million Android powered devices with over two dozen apps were identified to be leaking sensitive user data. Researchers have released a list of all the apps that have been found to be leaking confidential information. Some of these apps are quite popular and used by thousands of users and happen to be highly vulnerable to data breach incidents. Hackers can steal highly sensitive information from such vulnerable apps installed on Android devices. The personal data that hackers are able to access can be made available to everyone online on a real-time basis.

Researchers have highlighted that some of these apps specialise in taxi services, astrology services ,screen recording services, etc. The three apps that have been named by the researchers are Astro Guru, T’Leva, as well as Logo Maker. The confidential data that can be at risk include emails, gender details, passwords, names, private chats, dates of birth, device location, etc.

An application that leverages user information usually maintains a real-time database that stores all the confidential user information. As per Check Point Research, “Real-time database allows application developers to store data on the cloud, making sure it is synched in real-time to every connected client.”

As some developers tend to overlook database security, these apps are highly vulnerable and they put the entire database prone to risks such as identity theft, service-swipe, as well as ransomware. The list mentioning the vulnerable apps is quite long.

Researchers could retrieve chat messages along with the full name of the user, telephone number, location, etc. “This alone could compromise an entire application, not even considering the hit to the developer’s reputation, their user-base, or even their relationship with the hosting market,” the report stated.

Because of the vulnerability of these apps, hackers can send out notifications to users on behalf of the developers. As notifications are received from the app the user may not be able to differentiate between genuine notifications and may end up tapping on the notifications. These links can then take the users to a suspicious website that may hack into the mobile device and steal confidential user data.

The best way to prevent personal data from getting hacked would be to delete such vulnerable apps from your mobile devices. Once these vulnerabilities are fixed by developers then only should these apps be downloaded.