Researchers have highlighted that some of these apps specialise in taxi services, astrology services ,screen recording services, etc. The three apps that have been named by the researchers are Astro Guru, T’Leva, as well as Logo Maker. The confidential data that can be at risk include emails, gender details, passwords, names, private chats, dates of birth, device location, etc.
An application that leverages user information usually maintains a real-time database that stores all the confidential user information. As per Check Point Research, “Real-time database allows application developers to store data on the cloud, making sure it is synched in real-time to every connected client.”
As some developers tend to overlook database security, these apps are highly vulnerable and they put the entire database prone to risks such as identity theft, service-swipe, as well as ransomware. The list mentioning the vulnerable apps is quite long.
Researchers could retrieve chat messages along with the full name of the user, telephone number, location, etc. “This alone could compromise an entire application, not even considering the hit to the developer’s reputation, their user-base, or even their relationship with the hosting market,” the report stated.
Because of the vulnerability of these apps, hackers can send out notifications to users on behalf of the developers. As notifications are received from the app the user may not be able to differentiate between genuine notifications and may end up tapping on the notifications. These links can then take the users to a suspicious website that may hack into the mobile device and steal confidential user data.
The best way to prevent personal data from getting hacked would be to delete such vulnerable apps from your mobile devices. Once these vulnerabilities are fixed by developers then only should these apps be downloaded.