picture of app store logo on smartphone

Are the apps you use exposing your data to hackers?

As reported by Laptop Mag, an alarming study from Check Point Research (CPR) found thousands of apps, including ones belonging to brands with tens of millions of users and customers, are exposing consumer data to hackers.

CPR found that 2,113 apps left their databases exposed in the cloud during a three-month study. Perhaps most alarmingly, this data wouldn’t have even been difficult for hackers to acquire, as all they would have needed was a browser.

What apps are guilty of exposing consumer data?

While CPR hasn’t “named and shamed” the guilty apps, its research found that data was available from many sources.

The data CPR was able to view included:

  • Cryptocurrency exchange details
  • Healthcare token IDs
  • Personal photographs
  • Private messages from dating apps

Lotem Finkelsteen, CPR’s Head of Threat Intelligence, was reported by Laptop Mag as saying: “In this research, we show how easy it is to locate data sets and critical resources that are open on the cloud to anyone who can simply get access to them by browsing.

“Everything we found is available to anyone. Ultimately, with this research, we prove how easy it is for a data breach or exploitation to occur.”

While not naming and shaming, CPR gives details of guilty apps

It isn’t clear if CPR eventually plans to “name and shame” the apps and businesses involved at some stage. Nevertheless, the researcher has provided some sample data around the types of apps it found to be exposing user data.

They included:

  • An app for one of South America’s largest department store chains, with over 10 million downloads, which exposed API gateway credentials and API keys.
  • A running tracker app with over 100,000 downloads, which exposed users’ GPS locations and various health metrics, including heart rate.
  • A dating app for people with disabilities, with over 10,000 downloads, which exposed over 50,000 private messages between users.
  • A logo design app with over 10 million downloads, which exposed users’ usernames, email addresses, and passwords.
  • A social audio app where users listen to and share podcasts, with over five million downloads, which exposed users’ bank details, location, telephone number, in-app chat messages, and their purchase history.
  • A bookkeeping application, with over one million downloads, which exposed 280,000 telephone numbers linked to at least 80,000 companies, addresses, bank balances, and email addresses.

Issue highlights severe security issues with mobile apps and cloud storage

CPR’s study calls into question the efforts made by mobile app owners and developers to safeguard user data. Given the ease with which apps can be downloaded, many users take security for granted and perhaps assume that if their phone is secure, then the data they submit to apps will be, too. Unfortunately, as we’ve seen, this isn’t always the case.

CPR didn’t just criticise app developers and owners, though, adding that cloud security providers must do more to provide better levels of security with their services.

Image Credit: BigTunaOnline / Shutterstock.com


Get in Touch

Fill in the form below to tell us your details, and we’ll get started.