


18,000 Android and iPhone apps leaking user data — what you need to know


More than 18,000 Android and iOS apps are leaking their users' sensitive personal data from improperly secured cloud servers, Dallas-based security firm Zimperium has found.

The leaking data includes medical test results, session tokens for online banking and shopping websites and user photos, usernames, real names, phone numbers, e-mail addresses and street addresses. Details of server configurations, online payment systems, airport transportation systems, encryption keys and even blank bank checks were also exposed.


"Our analysis revealed a number of significant issues that exposed PII [personally identifiable information, i.e. sensitive data], enabled fraud and/or exposed IP or internal systems and configurations," wrote Zimperium's Chilik Tamir in a report released Thursday (March 4).

With nothing but a browser and command-line tools, anyone who knew where to look could access this exposed data without having to guess a password. For that reason, Zimperium isn't naming any names here, but the report does say that among the guilty parties are a "major game app," "social media apps," a "Fortune 500 mobile wallet," a "major online retailer" and a "major music service."

"It's a disturbing trend," Zimperium CEO Shridhar Mittal told Wired's Lily Hay Newman. "Most of us have some of these apps right now."

Forgetting to lock the door

Many smartphone apps rely on cloud databases to hold user data. Whether you're streaming Netflix, checking social media or email or playing a multiplayer game, the app you're using is only the front end of a huge online repository on a server that's often leased from Amazon, Google or Microsoft.

Yet Amazon, Google or Microsoft don't go around and make sure each and every one of their cloud-computing clients has properly secured their databases. It's up to the clients to do so, and many don't do a good job. They're like someone opening up a boutique storefront while forgetting to lock the back door into the alley.

"The process of securing these cloud containers used by mobile applications tends to be overlooked by app developers while the impact of a misconfigured cloud container on the app developer, their business and their users can be extremely high," said the Zimperium report.

More than 1 in 8 fail to secure the back end

Mittal told Wired that Zimperium researchers analyzed 1.3 million smartphone apps and found about 130,000 that used leased cloud servers to power their back ends.

Of these apps, about 14% — nearly 12,000 Android apps and more than 6,500 iOS ones — "had unsecure configurations and were vulnerable to the risks described in this post," as the Zimperium report states.

Mittal told Wired that his company had been trying to reach out to the app owners and developers to notify them of the flaw, but that there's often little or no response.

Unfortunately, without knowing which apps are behaving badly, there's no specific action that the user can take to protect against sensitive data leaks. All you can do is try to limit the amount of information about yourself that you put online, though that's often an impossible battle considering how much data apps and websites hoover up without your permission.

Paul Wagenseil is a senior editor at Tom's Guide focused on security and privacy. He has also been a dishwasher, fry cook, long-haul driver, code monkey and video editor. He's been rooting around in the information-security space for more than 15 years at FoxNews.com, SecurityNewsDaily, TechNewsDaily and Tom's Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown up in random TV news spots and even moderated a panel discussion at the CEDIA home-technology conference. You can follow his rants on Twitter at @snd_wagenseil.

Source: https://www.tomsguide.com/news/18000-leaky-apps

Posted by: kindigthesne.blogspot.com
