- The leak was reported by cybersecurity researchers at CyberNews
- Top-rated apps in Google Play Store may have leaked data
- Data leaks may contain personal information, including private messages and e-mail addresses
According to CyberNews, apps like Universal TV Remote Control, Remote for Roku: Codematics, Hybrid Warrior: Dungeon of the Overlord and Find My Kids: Child Cell Phone Location Tracker can leak your data. This data can be leaked due to misconfiguration of Firebase database, which is managed by developers without security training and is an easy target for cybercriminals.
Firebase is a mobile app development platform that provides hosting, analytics, and real-time cloud storage to developers. The platform was acquired by Google in 2014, and has since been the most preferred data storage solution for Android apps. The research states that due to poor configuration on Firebase, anyone who knows the correct URL can access the real-time database and get users’ information without any authentication. According to researcher Martinus, the app is leaking not only the data of users, but also their private messages.
Researchers analyzed 1100 most popular apps in the Google Play Store across 55 different categories. The app was selected by the researchers from the top category of Play Store. CyberNews claimed that the results were sent to Google by their researchers and asked developers to help. However, this demand was ignored by Google. However, the researchers only researched the Android app. However, he says that the iOS application can leak data in a similar way because of the same Firebase.