Security News > 2021 > March > Thousands of Mobile Apps Expose Data via Misconfigured Cloud Containers
Thousands of mobile applications expose user data through insecurely implemented cloud containers, according to a new report from security vendor Zimperium.
Some of the analyzed apps would leak their entire cloud infrastructure scripts, SSH keys, web server config files, installation files, or passwords.
Types of iOS and Android apps that were found to expose PII include medical apps, social media apps, major game apps, and fitness apps.
Apps that enable fraud through data leaks include a Fortune 500 mobile wallet, a major city transportation app, a major online retailer, and a gambling app.
Among the apps that expose IP and systems, Zimperium found a major music app, a major new service, the apps of a Fortune 500 software company, a major airport, and a major hardware developer, as well as an Asian government travel app.
Zimperium also found apps that used both Google and Amazon cloud storage without any form of security, as well as apps that expose data users shared among them, or which exposed images containing payment details, along with various information related to making online purchases.