Popular Android app with over 5 million downloads exposes user data

A cybersecurity analyst discovered that a popular Android app was leaving a Firebase instance open. This allowed the browsing app to be downloaded over 5 million times by him, leaking users’ browsing history and allowing hackers to use it for “blackmail”.

cyber news (opens in new tab) The research team found that “Web Explorer – Fast Internet”, a browsing app for Android devices that claims to increase browsing speed by 30% compared to other Android browsers, leaves an open instance exposing app and user data. reported that An open Firebase instance contains user data such as the user’s country, redirect start address, and redirect destination address. Firebase, a mobile app development platform, offers analytics, hosting, and cloud storage.

As Cybernews researchers state, this data can be used by threat actors for extortion. forced.

(Image credit: Android)

However, the report points out that this data alone is not enough for hackers to use effectively. Attackers need to find where app developers store even more user data. However, cross-referencing the leaked data with additional details can still do harm.

The app is highly rated on the Google Play Store with an average user rating of 4.4 out of 5 stars. However, the app’s listing page in the Google Play Store states that it was last updated in October 2020.

The research team also found that Web Explorer – Fast Internet hard-coded sensitive information (also known as “secrets”) on the client side, which could prove harmful. This means hackers can also extract this information, and since it hasn’t been updated in over two years, these secrets are still there.

Beware of Suspicious Messages

Source link

Leave a Reply

Your email address will not be published. Required fields are marked *