As Micky News previously reported, Firebase, the Google Play development platform, has been discovered to have been unintentionally leaking sensitive user data.
As mentioned, Comparitech‘s research showed that roughly 24,000 Android apps on Google Play have been leaking the said information through Firebase.
In fact, it was also discovered that there were 9,014 exposed databases that enable write access. This will let any attacker modify, change, or delete user data.
Also, this security crack has made exposed users vulnerable to phishing and possible scams.
Accordingly, the leaked data includes account holders’ full names, usernames, passwords, email addresses, credit card details, street addresses, phone numbers, and even government-issued photo IDs.
As data leaks from different online platforms have been an emerging issue lately, the best practice to always adhere to is to never use the same password in multiple website log-ins.
In cases where the same passwords are used, when a data breach similar to this happens, hackers will be able to try and use the exposed passwords on the owners’ other accounts.
Moreover, creating unique passwords can also be helpful. Users can also seek the assistance of password managers to be able to produce strong combinations.
As many may have noticed, certain websites, especially those that store users’ credit card details, strictly require alphanumeric and case sensitivity passwords to assure high-level account security.
Also, keeping the shared information to a minimum is one of the best natural practices to be wary of when making accounts online. It also discouraged to share sensitive information such as social security numbers, government-issued IDs, and exact home addresses.
Furthermore, Comparitech has highly recommended to only download and use trusted applications on Google Play. These applications are usually the ones with a high number of installs and user reviews.
However, Kaspersky warns the public to not just blindly trust the reviews and ratings seen on the Play Store.
The well-known Russia-based anti-virus provider informs that “Android Trojans can silently download apps to users’ smartphones, write fake reviews, and artificially boost ratings.”
Apparently, the rootkit Trojans can invade smartphones and do a few things without the users knowing. These acts can be sending SMS or silently download other apps.
Kaspersky cites an instance to further explain the use of Trojan:
For example, Guerilla, a Trojan distributed by the Leech rootkit, attempts to steal user credentials from Google Play. Then it uses the store’s API, masquerading as a client, and downloads, rates, and reviews apps on behalf of the user.
In addition, always be on the lookout for “fishy” reviews as these may be fake reviews.
With all these in mind, Kaspersky recommends downloading applications from Google Play with a blue diamond sign. This is Google’s indication that these apps are from trusted developers.
However, not all good developers have this indication. Instead, users are advised to do some further research about the developer online before deciding to download its offered apps.
As of the moment, reports claim that the only way to completely secure the Android users’ data is if developers fully configure the Firebase storage.
It is very common practice today that countries are trying to soften the economic misery…
Finally, the WhatsApp desktop version for Mac and PCs has received the much-awaited support of…
Apple will go through an investigation by UK's regulator following allegations of using anti-competitive policies…