User data is exposed via a popular Android app with over 5 million installs

News Summary:

  • Firebase, a mobile app development platform, offers analytics, hosting, and cloud storage. As the Cybernews researchers state, this data could be used by threat actors for extortion: “If threat actors could de-anonymize the app’s users, they would be able to check a bunch of information on browsing history for a specific user and use it for extortion”. That said, the report also notes that this data wouldn’t be enough for hackers to use effectively, as the attackers would need to find out where more user data would be stored by the app developers.

  • Cybersecurity analysts discovered that a popular Android app left its Firebase instance open, leading the browsing app with over 5 million downloads to leak users’ browsing history that hackers could use for “extortion”. The Cybernews research team reported that “Web Explorer – Fast Internet,” a browsing app for Android devices that claims to increase browsing speeds by 30% compared with other Android browsers, left an open instance that exposed app and user data. The open Firebase instance includes user data such as the user country, redirect initiating address, and redirect destination address.

However, cross-referencing the leaked data with additional details could still cause harm. The app is highly rated on the Google Play Store with an average user rating of 4.4 stars out of 5. However, the app’s listing page in the Google Play Store states that it was last updated in October 2020. This turned out to be harmful as the research team also found sensitive information hard-coded into the client side of Web Explorer – Fast Internet. This means hackers can also extract this information, and since it hasn’t been updated in over two years, these secrets are still there.

