Many apps on the Android Play Store have been found to have malicious intent, but in spite of the fact that this is the case they usually don’t get removed until the harm has already been done. Not all of the data leaks that were noted were caused by malicious intent, though. In this latest case, an Android app with over 5 million installs left its Firebase instance open, thereby exposing its users to widespread data theft, as reported by CyberNews.
The app in question is called Web Explorer – Fast Internet, and it is meant to boost browsing speeds on mobile by as much as 30%. With a rating of 4.4 stars, it was a widely trusted app on the platform with all things having been considered and taken into account. It turns out that the developer of the app left their database exposed, and it contains several days worth of private browsing information open for any malicious actor to exploit.
With all of that having been said and now out of the way, it is important to note that the data is still anonymous. However, it could easily be de-anonymized by cross referencing other data sets which could expose users to far more privacy risks than might have been the case otherwise.
One huge error that the developer behind this app committed is that they hard coded sensitive information. This is generally considered a bad practice because of the fact that this is the sort of thing that could potentially end up allowing threat actors to extract it, and coupled with the Firebase instance it suggests a lack of cybersecurity awareness on the developer’s end.
This open instance has now been closed, but it may be too late for some users. Developers need to do a better job of protecting such data, and avoiding hard coding in the first place can be a good place to start. This also goes to show that even an app that is trustworthy and does not have malicious intent could result in data theft so all users should take great care to protect their own interests.
Read next: 44% of Malware Gets Delivered Through ZIP and RAR Files
The app in question is called Web Explorer – Fast Internet, and it is meant to boost browsing speeds on mobile by as much as 30%. With a rating of 4.4 stars, it was a widely trusted app on the platform with all things having been considered and taken into account. It turns out that the developer of the app left their database exposed, and it contains several days worth of private browsing information open for any malicious actor to exploit.
With all of that having been said and now out of the way, it is important to note that the data is still anonymous. However, it could easily be de-anonymized by cross referencing other data sets which could expose users to far more privacy risks than might have been the case otherwise.
One huge error that the developer behind this app committed is that they hard coded sensitive information. This is generally considered a bad practice because of the fact that this is the sort of thing that could potentially end up allowing threat actors to extract it, and coupled with the Firebase instance it suggests a lack of cybersecurity awareness on the developer’s end.
This open instance has now been closed, but it may be too late for some users. Developers need to do a better job of protecting such data, and avoiding hard coding in the first place can be a good place to start. This also goes to show that even an app that is trustworthy and does not have malicious intent could result in data theft so all users should take great care to protect their own interests.
Read next: 44% of Malware Gets Delivered Through ZIP and RAR Files
