Privacy and security of user data has become one of the primary issues with the popularity of social media and millions of apps. Facebook came under fire over Cambridge Analytica, and it became clear that the whole ballgame around securing data has just got more tougher and murkier. A report published by Appthority, a mobile security firm, in their Quarter 2 2018 report just reinforces the above statements. According to Appthority’s report, there are thousands of iOS and Android applications which are sitting vulnerable with user information. This means, data concerning ids and passwords, GPS locations, and records of financial transactions are lying un-encrypted, under the open eye and any of us could be victims of this unprotected data.
Appthority experts gleaned through applications on iOS and Android platforms that uses Firebase as a database to store user’s data. Firebase is a cloud-based backend platform for web and mobile applications. In the year 2014, Firebase was acquired by Google which led to its popularity among top android app developers.
What does the report say?
For the starters, Appthority peered into 2.7 million apps on Android and iOS platform and found 27,227 Android and 1,275 iOS applications are using Firebase’s backend database system for storing user’s data. Well, that does not sound scary because it is just saving up gigabytes of data on a storage system. But wait, what Appthority found is, there are about 3,046 apps out of the above which are storing their data on 2,271 unprotected databases; meaning the data exists without any encryption.
Appthority’s report also gives a breakdown of the number of apps that has stored vulnerable user data: 2,446 apps on Android and 600 apps on iOS.
The team of experts at Appthority started investigation from January 2018 by looking into insecure backend servers connected to mobile apps. What Appthority found was, most of the mobile apps are using Firebase as their top most preference in back-end database for storing app data.
Their investigation revealed that as the number of apps using Firebase increased, the vulnerability of data went up too.
How big is the problem?
Appthority revealed that almost 62% of enterprises worldwide have at least one of their apps using Firebase to store data which makes the apps susceptible to attacks by hackers. All sorts of applications including finance and banking, health and fitness, communication, and productivity are not immune. Appthority reveals a staggering amount of data leaked due to Firebase’s lack of data encryption:
Appthority report also states that these vulnerable data include sensitive information of enterprise including corporate private keys and access credentials, private conversations and sales info. Workhive, Booster Fuels and CryptoPost are some of the most popular enterprise apps that are vulnerable to data infringement, according to Appthority report.
As enterprise mobile apps and apps used by most of us for fun stores quite a stupendous amount of information of our lives, the vulnerability of Firebase poses a serious threat to app users worldwide. The backend database without firewall protection and authentication systems exposes the feebleness of the internet system and how much far do we have to go to secure our information and save them from unpredicted hacker attacks.
