A cybersecurity analyst discovered that a popular Android app was leaving a Firebase instance open. This allowed the browsing app to be downloaded over 5 million times by him, leaking users’ browsing history and allowing hackers to use it for “blackmail”.
cyber news (opens in new tab) The research team found that “Web Explorer – Fast Internet”, a browsing app for Android devices that claims to increase browsing speed by 30% compared to other Android browsers, leaves an open instance exposing app and user data. reported that An open Firebase instance contains user data such as the user’s country, redirect start address, and redirect destination address. Firebase, a mobile app development platform, offers analytics, hosting, and cloud storage.
As Cybernews researchers state, this data can be used by threat actors for extortion. forced.
However, the report points out that this data alone is not enough for hackers to use effectively. Attackers need to find where app developers store even more user data. However, cross-referencing the leaked data with additional details can still do harm.
The app is highly rated on the Google Play Store with an average user rating of 4.4 out of 5 stars. However, the app’s listing page in the Google Play Store states that it was last updated in October 2020.
The research team also found that Web Explorer – Fast Internet hard-coded sensitive information (also known as “secrets”) on the client side, which could prove harmful. This means hackers can also extract this information, and since it hasn’t been updated in over two years, these secrets are still there.
Beware of Suspicious Messages
An open Firebase instance is reported as closed. This means that the attacker can no longer access this information. The Cybernews team has reached out to the app developer, but has yet to hear back.
Cybernews team said: “Since the issue is currently only partially resolved and we have not received any response from the app developer, we can only speculate what other information may be leaking through the app’s secrets. you can’t.”
Android browser app users should be wary of suspicious emails and messages. This is because exposed data could allow attackers to de-anonymize users and use this data for malicious means such as phishing scams and ransomware attempts.
Staying protected online is a good idea and one of the best antivirus apps can help keep malware threats at bay. was discovered to lure discouraged victims into predatory loan lairs, using apps that lend money as bait.