These 4 apps have leaked messages, emails of 14 crore users

Over a dozen popular Android applications that are downloaded by over 140 million people are reportedly found to be leaking data. The exposed data includes users’ names, email addresses and many other personal information. The leak has been detected by cybersecurity researchers at CyberNews and they have released a report on the same.

Few of the apps mentioned in the report are:

  • Universal TV Remote Control
  • Remote for Roku: Codematics
  • Hybrid Warrior: Dungeon of the Overlord
  • Find My Kids: Child Cell Phone Location Tracker

The leak is possible due to misconfiguration of Firebase databases that are often managed by developers with no security training, which makes them easy targets for cybercriminals.

Firebase is a mobile app development platform that offers features like hosting, analytics and real-time cloud storage to developers. The platform was acquired by Google in 2014 and since then it is one of the most popular data-storage solutions for Android apps. The research reveals that due to poor configuration on Firebase anyone who knows the right URL can access real-time databases and user information of these popular apps without any kind of authentication. According to researchers, the apps are not only leaking user data, but also their private messages.

With the increase of mobile device use in everyday life, it is no surprise to see cybercriminals targeting these endpoints for financial crimes. Google recently banned 136 dangerous apps that were capable of stealing money via phone if installed.
See full list here, uninstall now.