Now misconfigured mobile apps are leaking data


Next time when you download a tax app or an app related to health, just be aware that the personal information you disclose to the app might fall into the hands of hackers.

Yes, what you’ve read is right as it was reported by cyber threat intelligence firm Check Point after it analyzed the facts in a recently concluded study meant to learn how mobile apps were exposing the personal data of their users respectively.

Check Point researchers have confirmed that many app developers were not following the best security practices while integrating their apps to third-party services and that is putting the user data at extreme risks that can lead to extortion or phishing-related attacks in the future.

Device location, private chats, photo & video share, device location, passwords, email addresses, and user identity were being exposed by apps that can be used by hackers to identify theft or to commit finance-related frauds.

Applications hosted on Google PlayStore and Apple App Store like Astrology or horoscope related, tax-related, and e-wallets were seen targeted by hackers as they store sensitive information that is often stored on cloud storage platforms such as AWS and Azure. As such services essential for unlimited storage, app developers fail to bother about the security as they are in a misconception that the cloud storage providers must keep the information safe.

In reality, the onus lies on the app developer as well as they need to configure their apps in such a way that the content that is streaming to and fro from the cloud can never be sniffed by cyber crooks. At the same time, as soon as the data is loaded onto a Cloud Service Provider(CSP), security check-ins like authentication and access permissions must be carefully monitored and analyzed by the CSP to avoid any data leak embarrassments in the future.

Check Point said that it has contacted Google and Apple Inc and is awaiting a response from the tech giant in this regard. These two play stores host a variety of apps that are downloaded and used by millions of users every day.

Maybe educating the app developers on how to properly configure their apps against security risks makes complete sense ……isn’t it?

Naveen Goud
Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security

No posts to display