After examining 23 Android applications, mobile app developers potentially exposed the personal data of over 100 million users through a variety of misconfigurations of third-party cloud services, a report said on Thursday.
Check Point Research (CPR) recently discovered that in the last few months, many application developers had left their data and millions of users’ private information exposed by not following best practices when configuring and integrating third party cloud-services into their applications.
The report said that misconfiguration put users’ personal data and developers’ internal resources, such as access to update mechanisms, storage, and more, at risk.
Personal data includes emails, chat messages, location, passwords and photos, which, in the hands of malicious actors, could lead to fraud, identity theft and service swipes.
According to the report, the researchers found that Astro Guru — popular astrology, horoscope and palmistry app with over 10 million downloads — has a misconfiguration.
After users input their personal information, such as their name, date of birth, gender, location, email and payment details, Astro Guru provides them a personal astrology and horoscope prediction report, the report said.
The report said that this misconfiguration of real-time databases is not new and continues to be widely common, affecting millions of users.
All CPR researchers had to do was attempt to access the data. It added that nothing was in place to stop the unauthorized access from happening.
The report said that an effective mobile threat defense solution must be able to detect and respond to various attacks while providing a positive user experience.
