Thousands of Android and iOS app have exposed their user data.
Mobile security firms say issues on cloud misconfigurations that leak the user data are a common occurrence. These misconfiguration problems are detected even among applications using popular public cloud services such as Microsoft Azure, Google Cloud, and Amazon Web Services.
Fortune 500 company once developed a mobile wallet app discovered to expose sessions and payment transaction information of the users which should have been highly confidential.
Zimperium researchers conducted an internal analysis on 1.3 million iOS and Android apps, discovering that misconfiguration problems existed on 14 percent of the list. On their blog post, Zimperium says that they detected apps leaking the entire cloud infrastructure scrips, including the SSH files.
SSH keys allow a potential attacker to access the app's developer's servers. In these backend resources, the attacker could take, manipulate or destroy the whole app's infrastructure.
Read Also: Protect Your Personal Data from Leaking Through Google Firebase; Here's How
These Applications Leak All of Your Information
These apps potentially expose personally identifiable information (PPI), including personal details, profile pictures, and even medical test data. Some of these apps expose intellectual property (IP) data and internal systems, making owners susceptible to fraud.
In some cases, the misconfigurations allow hackers to change or overwrite data, disrupting the end-user interface.
Wired reported a total of 6,608 iOS apps and 11,877 Android apps exposing the users' data through the common cloud misconfigurations.
App developers have been informed about these exposures through the researchers' effort in contacting them. However, the response of most app developers to address these pressing matters were minimal, if none.
Cloud service providers like Microsoft, Google, and Amazon provide some level of protection to your data from being exposed. However, the ultimate responsibility falls on the companies and developers that offer these applications without appropriate configuration settings that ensure the safety of users and their data.
Unfortunately, even if the app's security is being compromised, it is not easy to uninstall it. Our lifestyle has continuously been integrated into being reliant on apps, especially during these times of pandemic. Apps have fully incorporated our money transactions, food delivery, working productivities, and entertainment in a digital lifestyle.
How Can You Avoid Leaks
Without the cooperation of app developers, there are some countermeasures you can take to create protection for your data leakage.
The simplest thing is to make sure your cloud storage database is not accessible to unauthorized access. You can avail yourself security by checking out each cloud provider's full documentation on how to achieve it.
After closing off unauthorized external access to your cloud, try availing services that assess your secure software development lifecycle. Along with recurring updates from the cloud drive, you might need a third-party app to do regular maintenance and monitoring.
Leading in the market for continuous mobile app security testing (MAST) is Zimperium's zScan solution. For other alternatives, you can also try ESET and Lookout.
Instead of relying on company and developers to respond, we must learn to create our own solutions, safety, and security
Related Article: SHAREit Alternatives: Security Bugs Still Unpatched, Could Completely Leak Your Personal Data
This article is owned by Tech Times
Written by Czarina Del Valle
