Android apps hosted on Google Cloud are vulnerable to hackers

    All those Android apps hosted on Firebase Databases are said to be vulnerable to hackers. Remember, Firebase is a cloud-based backend platform for mobile and web applications meant to store and share user data. The company was acquired by Google in 2014 and has transformed into a real user base for some of the top end Android developers.

    A mobile security firm named Appthority has confirmed and disclosed the news to the media platforms after scanning more than 2.7 million mobile apps on both Android and iOS mobile apps that use Firebase databases.

    The research says that out of 27K Android apps and 1K iOS apps stored on Firebase database, 3K of them save data within 2,271 unsecured databases that are exposed to hackers.

    Appthority survey says that over 100 million individual records spanning a total of over 113 gigabytes of data make up the accessible info exposed to hackers. And the leaked data includes 2.6 million user IDs and passwords in plain text, 25 million stored GPS location-related data, 50 thousand in-app financial transaction records, and more than 4.5 million social media platforms user tokens.

    The research also confirms that over 4 million Protect Health Information(PHI) records containing private chats and prescription records have also been found accessible to hackers.

    Since, most of the databases of Firebase backers aren’t protected with firewalls and authentication systems, gaining entry to this database infrastructure is said to be easy to hackers.

    Already Google has been asked to look into the vulnerability by Appthority. But it is yet to react on this issue.

    However, those reporting to our cybersecurity insiders say that a team of security engineers has been pressed into service to dissect into the vulnerability facts and a Prima Facie is still awaited from them.

    The list of apps including those serving to finance, communication, health and travel sectors and which are hosted on Firebase databases have been withheld from being disclosed for now due to reasons.

    Naveen Goud
    Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security

    No posts to display