A few of the apps mentioned in the report are:
- Universal TV Remote Control
- Remote for Roku: Codematics
- Hybrid Warrior: Dungeon of the Overlord
- Find My Kids: Child Cell Phone Location Tracker
The leak is possible because of misconfigured Firebase databases, which are often managed by developers with no security training, making them easy targets for cybercriminals.
Firebase is a mobile app development platform that offers features like hosting, analytics and real-time cloud storage to developers. The platform was acquired by Google in 2014 and has since been one of the most popular data-storage solutions for Android apps. The research reveals that, due to poor configuration on Firebase, anyone who knows the right URL can access the real-time databases and user information of these popular apps without any kind of authentication. According to the researchers, the apps are leaking not only user data but also users' private messages.
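The misconfiguration described above comes down to Realtime Database security rules that grant read or write access without any authentication condition. The following is an added example, not code from the report or from Firebase: a small offline audit of an exported rules file. The rule sets, the `messages` path and the function names are constructed for illustration.

```python
import json

# Constructed sample: root-level public access, the kind of rule set that
# lets anyone who knows the database URL read it without authenticating.
WEAK_RULES = json.loads("""
{"rules": {".read": true, ".write": true,
  "messages": {"$uid": {".read": "auth != null && auth.uid === $uid"}}}}
""")

# Constructed sample: deny by default, per-user access only when signed in.
HARDENED_RULES = json.loads("""
{"rules": {".read": false, ".write": false,
  "messages": {"$uid": {".read": "auth != null && auth.uid === $uid",
                        ".write": "auth != null && auth.uid === $uid"}}}}
""")

def is_public(expr):
    """True when a rule grants access unconditionally (boolean or "true")."""
    return expr is True or (isinstance(expr, str) and expr.strip() == "true")

def audit(node, path="/", inherited=frozenset()):
    """Walk a rules tree and return (path, operation, reason) findings.

    .read/.write rules cascade: once a parent path grants access, a rule on
    a child path cannot revoke it, so stricter child rules are ineffective.
    """
    findings = []
    granted = set(inherited)
    for op in (".read", ".write"):
        if op in inherited:
            if op in node and not is_public(node[op]):
                findings.append((path, op, "ineffective: parent grants public access"))
        elif is_public(node.get(op, False)):
            findings.append((path, op, "public: no authentication required"))
            granted.add(op)
    for key, child in node.items():
        if isinstance(child, dict):  # skip rule values; descend into child paths
            findings += audit(child, path.rstrip("/") + "/" + key, frozenset(granted))
    return findings

if __name__ == "__main__":
    for name, rules in (("weak", WEAK_RULES), ("hardened", HARDENED_RULES)):
        print(name, audit(rules["rules"]) or "no public access found")
```
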
With the increase of mobile device use in everyday life, it is no surprise to see cybercriminals targeting these endpoints for financial crimes. Google recently banned 136 dangerous apps that were capable of stealing money via phone if installed.