More than 18,000 iOS and Android apps leak their users’ data, according to research
Recent research shows that more than 18,000 mobile phone applications have insecure settings, putting user information at risk.
Our mobile phone can be a nest of malware if we do not take care of the applications that we download, and above all we do not limit the information we share when registering with certain services or companies, and a recent study has managed to uncover that more than 18,000 apps for iOS and Android are leaking sensitive user data.
According to the security company Zimperium Based in Dallas, more than 18,000 iOS and Android applications are leaking sensitive personal data of users on cloud servers that are not properly protected.
Information that could have been leaked included medical results, session tokens for online shopping and banking websites, user photos, user names, real names, phone numbers, email addresses and postal addresses. Details of the server configurations, online payment systems, airport transportation systems, encryption keys and even blank bank checks would also have been exposed.
According to the report, reported by Wired, ”with just your browser and command line tools anyone who knew where to look could access this exposed data without trying to guess any kind of password”. Although they have not given specific names of the applications, the report indicates that there are a major gaming app, social media apps, a mobile wallet, major retailers, and even a music service.
To understand the situation, it must be explained that most of the applications for our phones are based on databases that are stored in the cloud to store all our data. These databases are stored on servers rented from companies such as Amazon, Google or Microsoft, among many others.
However, not all cloud computing clients have adequately secured their databases, and that is up to the clients themselves to do so, in this case the owners of the applications that are keeping our confidential information.
“Application developers tend to overlook the process of protecting these cloud containers used by mobile applications, while the impact of a misconfigured cloud container on the application developer, their business and their users can be extremely tall”Notes the Zimperium report.
For the report, 1.3 million mobile apps were analyzed and found that around 130,000 used leased cloud servers. Of the latter applications, about 40%, about 12,000 applications for Android and about 6500 applications for iOS, “had insecure configurations and were vulnerable to the risks described in the report”Notes Zimperium.
Many of these application developers have already been informed, but most have not responded with what is likely that despite this report, much of your personal data may continue to be exposed.