Apps that store users’ data in cloud services are sometimes careless with their security. For example, the data from various apps appears to be online unsecured.
Security company Check Point investigated 23 Android apps and found that several of them require little effort to access sensitive user data. This concerns emails, chat messages, location, passwords, and photos stored via such apps but are poorly or not secured.
Of those 23 apps, 13 were of which private data was publicly available. The developer had the data stored via cloud services, but the data remains accessible to everyone by poorly configured. The security company speaks of apps that have been downloaded ten thousand to ten million times, with the data of one hundred million users exposed. It is not known whether others have actually viewed them.
These include astrology app Astro Guru, or the Italian Taxi app T’Leva, where chat messages between drivers and passengers were visible. But the iFax app also stored all fax messages in a poorly configured cloud so that all documents could be viewed just like that. Checkpoint contacted the developers about this, and some have subsequently adjusted the security problem.
Check Point does not say which cloud services are involved, but the problem itself is not new. Last summer, a security specialist already found thousands of poorly configured S3 storage buckets on AWS. A year earlier, similar errors were discovered by developers who use Facebook data. Whether it is also AWS storage this time is not known.