As you casually input sensitive information into a cryptocurrency app, a dating service, or a shopping platform, you may assume the folks behind the mobile applications are doing their part to protect your data. But according to a new Check Point Research (CPR) investigation, you’d be sorely mistaken.
CPR released a scathing report exposing mobile applications for leaving their users’ personal information unprotected and accessible to hackers. The most unnerving aspect of the investigation is that malicious actors need just one thing to pull off a data breach: a browser.
Dating apps, crypto platforms, health trackers and more: your data may not be safe
During a three-month research study, CPR investigators discovered that a whopping 2,113 mobile apps left their databases exposed and unprotected in the cloud. These apps ranged from 10,000+ downloads to more than 10 million downloads.
Some of the sensitive data CPR researchers spotted included cryptocurrency exchange data, healthcare token IDs, personal family photos, and more. In one harrowing case, CPR uncovered 50,000 individual messages from a popular dating app.
“In this research, we show how easy it is to locate data sets and critical resources that are open on the cloud to anyone who can just get access to them by browsing,” said CPR’s Head of Threat Intelligence and Research Lotem Finkelsteen.
Finkelsteen added that malicious actors can access mobile apps’ exposed databases in a few simple steps that involve searching public-file repositories (e.g. VirusTotal) for mobile apps that use cloud-storage services. “Everything we found is available to anyone. Ultimately, with this research, we prove how easy it is for a data breach or exploitation to occur.”
At this time, CPR is not revealing the names of the mobile apps in question, but the following is a small sample of the 2,000+ platforms that left their users exposed during the investigation period:
- Department store application, one of the largest chains in South America (10 million+ downloads): API gateway credentials and API key
- Running tracker app (100,000+ downloads): users’ GPS coordinates and health parameters like heart rate
- Dating app for people with disabilities (10,000+ downloads): 50,000 individual messages in the open DB of a dating application
- Logo design app (10 million+ downloads): 130,000 usernames, emails and passwords
- Social audio platform app for users to share and listen to podcasts (5 million+ downloads): users’ bank details, location, phone numbers, chat messages, purchase history and more
- (1 million+ downloads): 280,000 phone numbers associated with at least 80,000 company names, addresses, bank balances, cash balances, invoice counts and emails
This report exposes a glaring security issue: mobile apps are too negligent with their users’ personal data. CPR also called out cloud-security developers, concluding that they must take steps to add better protections to their services.