If you own an Android smart device, be advised there has been a data leak. Security researchers at Check Point have recently discovered a massive data leak that left an assortment of personal data for more than 100 million Android users exposed.
The data was found in unprotected databases used by 23 different popular apps, some of which boast download counts of more than ten million.
Unfortunately, the recent discovery underscores that many app developers aren’t following even the most basic security practices designed to restrict access to the app’s databases.
According to the research team responsible for the discovery, the exposed data includes physical location, gender, stored passwords, stored payment details and photos associated with the apps in question, phone numbers, user names, and real names, email addresses, dates of birth, chat messages, and more.
Two of the most egregious examples the researchers found were the app called iFax, and another called Screen Recorder. In the case of iFax, the Android app stored the user’s cloud storage keys, and their database contained copies of all fax transmissions from its more than half a million users. In the case of Screen Recorder, which boasts more than ten million installations, the researchers found the cloud storage keys that give access to all of each user’s screenshots, which could contain a whole host of sensitive and personal information.
Unfortunately, this is not a new phenomenon. What’s disheartening about the recent discovery, though, is how many examples Check Point found during the course of their research. It seems that a dismaying number of app developers are sacrificing security basics in the name of speed and convenience, and the end-users of the apps they create wind up paying the price.
All that to say be careful what you download. An app’s popularity is no guarantee that it’s actually safe to use.