Security News > 2020 > May > Thousands of Android Apps Leak Data Due to Firebase Misconfigurations
Comparitech security researchers have discovered that thousands of Android applications distributed through Google Play leak sensitive information due to Firebase misconfigurations.
Overall, 4.8% of all mobile apps using Firebase are believed to be leaking personal information, access tokens, and other types of data.
After looking at 515,735 Android applications in Google Play, Comparitech's researchers found 4,282 apps that leak sensitive information.
"If we extrapolate those figures, an estimated 0.83 percent of all Android apps on Google Play leak sensitive data through Firebase. That's roughly 24,000 apps in total," the researchers note.
"Of the 155,066 Firebase apps analyzed, 11,730 had publicly exposed databases. 9,014 of them even included write permissions, which would allow an attacker to add, modify, or remove data on the server, in addition to viewing and downloading it," Comparitech says.