Security News > 2020 > May > Researchers spot thousands of Android apps leaking user data through misconfigured Firebase databases
Security researchers at Comparitech have reported that an estimated 24,000 Android apps are leaking user data because of misconfigured Firebase databases.
Data is secured using rules which "Work by matching a pattern against database paths, and then applying custom conditions to allow access to data at those paths", according to the docs.
This is combined with authentication to lock up confidential data while also allowing access to shared data.
"A common Firebase misconfiguration allows attackers to easily find and steal data from storage. By simply appending '.json' to the end of a Firebase URL, the attacker can view and download the contents of vulnerable databases," the report explained.
In December 2019, it was reported that Google hides Firebase databases from search results, but you can find them with other search engines such as Bing.
News URL
https://go.theregister.co.uk/feed/www.theregister.co.uk/2020/05/12/report_thousands_of_android_apps/