Comparitech, a computer security company, talks about a critical vulnerability found in 24,000 applications in the official Google Play app store.
As it turned out, often incorrect configurations of the Google Firebase security system allow attackers to easily find and access user data in thousands of applications. The total number of “leaky” application downloads reaches 4.22 billion worldwide.
Recall Firebase is a cloud platform that allows application developers to store and synchronize data. It was bought by Google in 2014.
A qualified hacker can penetrate the system and steal a huge amount of important personal data, including email addresses, passwords, logins, telephone numbers, email addresses and even IP addresses. As Comparitech notes, some Firebase databases even contain banking data and photos. Such information can be very costly and bring a solid income to the attacker.
In addition, hackers can add, modify and delete data from the server. This allows you to add information to the application, such as fake message headers, distribute malicious code, use fake tricks in the application, and simply ruin the application’s database.