- Jan 21, 2018
- 814
"More than 4,000 Android apps that use Google's cloud-hosted Firebase databases are 'unknowingly' leaking sensitive information on their users, including their email addresses, usernames, passwords, phone numbers, full names, chat messages and location data.
The investigation, led by Bob Diachenko from Security Discovery in partnership with Comparitech, is the result of an analysis of 15,735 Android apps, which comprise about 18 percent of all apps on Google Play store.
"4.8 percent of mobile apps using Google Firebase to store user data are not properly secured, allowing anyone to access databases containing users' personal information, access tokens, and other data without a password or any other authentication," Comparitech said."
More on this - Researchers spot thousands of Android apps leaking user data through misconfigured Firebase databases
There was a similar security issue with Firebase in 2018 - Security Alert - 3,000+ mobile apps leaking data from unsecured Firebase databases
The investigation, led by Bob Diachenko from Security Discovery in partnership with Comparitech, is the result of an analysis of 15,735 Android apps, which comprise about 18 percent of all apps on Google Play store.
"4.8 percent of mobile apps using Google Firebase to store user data are not properly secured, allowing anyone to access databases containing users' personal information, access tokens, and other data without a password or any other authentication," Comparitech said."
More on this - Researchers spot thousands of Android apps leaking user data through misconfigured Firebase databases
There was a similar security issue with Firebase in 2018 - Security Alert - 3,000+ mobile apps leaking data from unsecured Firebase databases