Newly Uncovered Security Flaw Could Affect 100 Million Users, Report Claims GA S REGULAR Menu Lifewire Tech for Humans Newsletter! Search Close GO News > Internet & Security

Newly Uncovered Security Flaw Could Affect 100 Million Users, Report Claims

Developers may have overlooked issues

By Sascha Brodsky Sascha Brodsky Senior Tech Reporter Macalester College Columbia University Sascha Brodsky is a freelance journalist based in New York City. His writing has appeared in The Atlantic, the Guardian, the Los Angeles Times and many other publications. lifewire's editorial guidelines Updated on May 20, 2021 01:14PM EDT Fact checked by Rich Scherr Fact checked by Rich Scherr University of Maryland Baltimore County Rich Scherr is a seasoned technology and financial journalist who spent nearly two decades as the editor of Potomac and Bay Area Tech Wire. lifewire's fact checking process Tweet Share Email Tweet Share Email Internet & Security Mobile Phones Internet & Security Computers & Tablets Smart Life Home Theater & Entertainment Software & Apps Social Media Streaming Gaming The data of over 100 million Android users could be exposed to hackers due to a flaw in the way the devices handle cloud security, according to a report issued Thursday. Cybersecurity firm Check Point Research claimed in the study that at least 23 popular mobile apps contain "misconfigurations" of third-party cloud services. The company said that developers of some of the apps didn’t check if security measures designed to prevent data breaches were in place when synchronizing with cloud services. "By not following best practices when configuring and integrating third party cloud services into applications, millions of users’ private data was exposed," the researchers wrote. "In some cases, this type of misuse only affects the users, however, the developers were also left vulnerable. The misconfiguration puts users’ data and developer’s internal resources, such as access to update mechanisms and storage at risk." The researchers examined 23 Android apps, including a taxi app, logo maker, screen recorder, fax service, and astrology software, and found that they leaked data, including email records, chat messages, location information, user IDs, passwords, and images. Cybersecurity experts say that developers should have been aware of the vulnerabilities. "Developers tend to think that mobile backends are hidden from hackers," Ray Kelly, a principal security engineer at the cybersecurity firm WhiteHat Security, said in an email interview. "Search engines, such as Google, do not index these APIs, which gives a false sense of security when, in fact, these mobile endpoints can be just as vulnerable as any other website." By not following best practices when configuring and integrating 3rd party cloud services into applications, millions of users’ private data was exposed. Developers are under pressure to quickly incorporate new features into their software, Stephen Banda, a senior manager at cybersecurity firm Lookout, said in an email interview. "To deploy code quickly, organizations rely on automated software delivery processes to upgrade functionality, apply security patches to keep cloud applications up-to-date," he added. "Moving at this speed, even with sound change management and security best practices in place, means every organization runs the risk of introducing misconfigurations into their cloud applications." Was this page helpful? Thanks for letting us know! Get the Latest Tech News Delivered Every Day Subscribe Tell us why! Other Not enough details Hard to understand Submit More from Lifewire Why Incognito Mode May Not Be Private and What You Can Do About It What Are the Pros and Cons of Cloud Computing? Is Google Play Safe? WPA2? WEP? What's the Best Encryption to Secure My Wi-Fi? How to Update Your Logitech Unifying Receiver Smart TV Security: What You Need to Know What Is MD5? (MD5 Message-Digest Algorithm) How to Secure Your IP Security Cameras Storing and Remembering Passwords Securely Apple Brass Reportedly Hushed Up iPhone Hack How to Use Google Password Checkup Digital Passports Could Face Security Risks Microsoft Security Bulletin Severity Rating System How Beacon Can Improve Video Conferencing Security Apple’s Device Finder App Could Expose You, Experts Say Report Finds Hackers Could Record Your Phone Calls Newsletter Sign Up Newsletter Sign Up Newsletter Sign Up Newsletter Sign Up Newsletter Sign Up By clicking “Accept All Cookies”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. Cookies Settings Accept All Cookies