Application bugs have affected more than 100 million users

Attackers could easily gain access to data from more than 100 million users due to bugs in some popular applications. The Check Point Research team examined 23 Android applications and found several bugs that could allow attackers to access users’ email addresses, chat messages, location, passwords, or photos. The portal addressed the topic DarkReading.

In particular, poorly secured cloud databases were at risk

Problems in the applications occurred mainly in connection with cloud storage. In 13 of these applications, the team was able to easily retrieve sensitive data from insecure cloud databases. The popular application for the taxi service, which has more than 50,000 downloads in the Play store, also had a problem. The team gained access to messages between drivers and passengers and also was able to obtain users’ full names and telephone numbers.

Analyzing the Screen Recorder app, which has more than 10 million downloads in the Play store, the company was able to obtain the keys that gave them access to users’ recordings. Another application called iFax had built-in keys in the application that would allow attackers to access all faxes.

The team also found a bug in some of the applications that would allow attackers to send malicious push notifications through the application.

Some applications have already fixed the bugs

The company said in a report that it reported its findings to Google and the developers of the tested applications before publishing those findings. Some of the applications have already managed to fix the errors.