While Google has to deal with the return of spy apps, another problem has just come up on the Play Store. According to researchers from the computer security company Comparitech, a critical security flaw lies in FireBase.
24,000 Android app from the Play Store put users data at risk
As a reminder, Firebase is an application hosting platform bought by Google in 2014. According to cybersecurity experts, the developers of 24,000 applications available on the Play Store have not correctly configured Firebase’s security systems. As a result, the personal data collected by all these developers on their respective applications is threatened, accessible directly on the servers of Firebase.
Concretely, any hacker with experience can infiltrate the system and steal a large amount of personal information such as email addresses, passwords, identifiers, telephone numbers, postal addresses, or even IP addresses. According to Comparitech, some databases on Firebase even contain bank details and identity photos!
As you can imagine, all this information can be sold at high prices on the Dark Web. This flaw, therefore, represents a significant source of income for hackers. In addition, they can also execute malicious code and inject malware or ransomware inside an application. And this, without alerting the vigilance of the developers.
To top it all, the 24,000 Android applications affected by this flaw have accumulated 4.22 billion downloads worldwide. Unsurprisingly, Comparitech immediately alerted Google of its discovery. For its part, the Mountain View company will get in touch with the developers of the threatened apps:
“Firebase provides a number of features that help our developers configure their deployments securely. We provide notifications to developers about potential misconfigurations in their deployments and offer recommendations for correcting them. We are reaching out to affected developers to help them address these issues.” says the web giant.
Firebase is Google’s mobile app development platform. In addition, it was launched in 2011 and acquired by Google in 2014.