New research suggests that mobile applications boasting tens of millions of downloads are leaking sensitive user data due to the misconfiguration of back-end cloud databases, according to Check Point.
Check Point’s three-month study began with a simple query on VirusTotal for mobile apps listed on the malware scanning service that communicate with the Firebase cloud database.
Using this method, the vendor discovered 2113 mobile apps that had their Firebase back-end exposed due to misconfigurations.
“While writing code, developers invest a lot of resources to harden an application against several forms of attacks. However, developers may neglect configuring the cloud database properly, thus leaving real-time databases exposed, which could then result in a catastrophic breach if exploited.”
“Developers often manually change the default locked and secured configurations of security rules to run tests. If left unlocked and unprotected before releasing the application to production, it leaves the database open to anyone accessing it and thus susceptible to read and write into the database,” they continued.
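As an added example (not code from Check Point's research or from Firebase), the following pre-release check reads a Realtime Database rules file and reports every path where `.read` or `.write` is unconditionally `true`, the unlocked test state the quote describes. It assumes the rules are strict JSON without comments; the function names and the sample rules are constructed for illustration.

```python
import json

def is_open(value):
    """True when a .read/.write rule allows every caller unconditionally."""
    if isinstance(value, bool):
        return value
    return isinstance(value, str) and value.strip() == "true"

def find_open_rules(rules_json):
    """Return sorted (path, operation) pairs that are world-accessible.

    Realtime Database rules cascade: a grant at a parent node applies to
    every child and cannot be revoked deeper in the tree. Each open rule
    is therefore reported once, at the shallowest path where it appears.
    """
    root = json.loads(rules_json).get("rules", {})
    findings = []

    def walk(node, path, inherited):
        if not isinstance(node, dict):
            return
        granted = set(inherited)
        for op in (".read", ".write"):
            if op not in granted and is_open(node.get(op)):
                findings.append((path or "/", op))
                granted.add(op)
        for key, child in node.items():
            if not key.startswith("."):  # skip rule keys such as .validate
                walk(child, f"{path}/{key}", granted)

    walk(root, "", frozenset())
    return sorted(findings)

# Constructed sample: rules loosened for testing and never locked again.
TEST_RULES = """
{
  "rules": {
    ".read": true,
    "users": {"$uid": {".write": "auth != null && auth.uid == $uid"}},
    "chat": {".write": "true"}
  }
}
"""
LOCKED_RULES = '{"rules": {".read": false, ".write": false}}'

if __name__ == "__main__":
    for path, op in find_open_rules(TEST_RULES):
        print(f"OPEN {op} at {path}")
```

Running a check like this in the release pipeline and failing the build on any finding keeps test-mode rules from reaching production.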