Modern cloud-based solutions have become a standard in the world of mobile application development.
Services like cloud storage, real-time databases, notification management, analytics, and more are one click away from integrating into applications.
However, developers often overlook the security aspect of these services, their configuration, and of course their content.
Also Read: The Smart Toilet Arrives
An investigation carried out by Check Point Research (CPR) describes the general problem of misuse of cloud services, both by configuration and by implementation, and describes the impact of "bad practices" on application developers and their users.
Misconfiguration of third-party services by mobile app developers exposes more than 100 million personal data.
And it is that many application developers have put their data and user data at risk by not following best practices when configuring and integrating third-party cloud services into applications.
In some cases, this type of misuse only affects users, however, developers have also been exposed this time.
The incorrect configuration has put at risk both the personal data of the users and the internal resources of the developer, as well as the access to the update mechanisms and the storage.
The real-time database allows application developers to store data in the cloud, ensuring that it is synchronized in real time with each connected client.
This service solves one of the most encountered problems in application development, while ensuring that the database is compatible with all client platforms.
But what if the developer behind the app doesn't configure their real-time database with one of the most basic features: authentication?
Well, there is nothing in place to prevent unauthorized access from being processed and data being exposed.
Notice to Google
After examining 23 Android applications, Check Point Research has found that mobile application developers have exposed the personal data of more than 100 million users through a series of misconfigurations of third-party cloud services.
Some of the vulnerable apps are on topics ranging from astrology (Astro Guru) to taxi services (T'Leva), logo creation through screen recording (Screen Recorder) and fax services (iFax).
In the latter, for example, a cybercriminal could access each and every document sent by the 500,000 users who installed it.
However, if you are a user of any of them, do not worry because those responsible for Check Point Research have already contacted Google and each of the developers to change their settings.