This Android App Leaked Private Browsing History, and It Has Over 5 Million Downloads
Many apps on the Android Play Store have been found to have malicious
intent, but they usually don’t get removed until the harm has already
been done. Not every data leak is caused by malicious intent, though.
In this latest case, an Android app with over 5 million installs left
its Firebase instance open, thereby exposing its users to widespread
data theft, as reported by CyberNews.
The app in question is called Web Explorer – Fast Internet, and it is
meant to boost browsing speeds on mobile by as much as 30%. With a
rating of 4.4 stars, it was a widely trusted app on the platform. It
turns out that the developer of the app left their database exposed,
and it contains several days’ worth of private browsing information
open for any malicious actor to exploit.
It is important to note that the data is still anonymous. However, it
could easily be de-anonymized by cross-referencing other data sets,
which could expose users to far more privacy risks than might have
been the case otherwise.
One huge error that the developer behind this app committed is that
they hard-coded sensitive information. This is generally considered a
bad practice because it could allow threat actors to extract that
information, and coupled with the open Firebase instance it suggests a
lack of cybersecurity awareness on the developer’s end.
This open instance has now been closed, but it may be too late for
some users. Developers need to do a better job of protecting such
data, and avoiding hard-coding in the first place can be a good place
to start. This also goes to show that even an app that is trustworthy
and does not have malicious intent could result in data theft, so all
users should take great care to protect their own interests.
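An added example, not from the article, CyberNews or the app's developer: a Python check a developer could run over a rules file before deploying, flagging any path that unauthenticated clients can read or write. It assumes the store is a Firebase Realtime Database (the article does not say which Firebase product was open); the two rules documents and all function names are constructed for illustration.

```python
import json

# Constructed sample rules (assumption: not the rules of the app in the article).
OPEN_RULES = '''
{"rules": {".read": true, ".write": false,
           "history": {"$device": {".read": "auth != null", ".write": "true"}}}}
'''
LOCKED_RULES = '''
{"rules": {".read": false, ".write": false,
           "history": {"$uid": {".read": "auth != null && auth.uid == $uid",
                                ".write": "auth != null && auth.uid == $uid"}}}}
'''


def _is_public(expr):
    """A rule is unconditionally public when it is the literal true."""
    if isinstance(expr, bool):
        return expr
    return isinstance(expr, str) and expr.strip() == "true"


def find_public_rules(rules_json):
    """Return sorted (path, operation) pairs open to unauthenticated clients."""
    root = json.loads(rules_json)["rules"]
    findings = []

    def walk(node, path, inherited):
        # Grants cascade downward: once a parent path allows an operation,
        # a stricter rule on a child path cannot revoke it.
        granted = set(inherited)
        for op in (".read", ".write"):
            if op in node and _is_public(node[op]):
                granted.add(op)
        for op in granted:
            findings.append((path or "/", op))
        for key, child in node.items():
            # Keys starting with "." are rule expressions, not child paths.
            if isinstance(child, dict) and not key.startswith("."):
                walk(child, f"{path}/{key}", granted)

    walk(root, "", set())
    return sorted(findings)


if __name__ == "__main__":
    for name, doc in (("open", OPEN_RULES), ("locked", LOCKED_RULES)):
        print(name, find_public_rules(doc))
```

In the open sample, the `auth != null` rule on the child path is still reported as public for reads, because the root-level grant overrides it.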