Researchers spot thousands of Android apps leaking user data through misconfigured Firebase databases

2020-05-12 17:32

Security researchers at Comparitech have reported that an estimated 24,000 Android apps are leaking user data because of misconfigured Firebase databases.

Data is secured using rules which "Work by matching a pattern against database paths, and then applying custom conditions to allow access to data at those paths", according to the docs.

This is combined with authentication to lock up confidential data while also allowing access to shared data.

"A common Firebase misconfiguration allows attackers to easily find and steal data from storage. By simply appending '.json' to the end of a Firebase URL, the attacker can view and download the contents of vulnerable databases," the report explained.

In December 2019, it was reported that Google hides Firebase databases from search results, but you can find them with other search engines such as Bing.

News URL

https://go.theregister.co.uk/feed/www.theregister.co.uk/2020/05/12/report_thousands_of_android_apps/

#android #database #researcher

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Android		4	0	17	2	0	19