Top Android and iOS apps used by millions could shed unencrypted cloud logins

2 weeks ago

Digital clouds against a bluish background.

(Image credit: Shutterstock / Blackboard)

A number of celebrated Android and iOS mobile apps boasting millions of users carried a awesome vulnerability that could person been utilized to leak delicate personification data.

A study from cybersecurity researchers astatine Symantec recovered nan problem is thing much than package developers not paying capable attraction astatine work.

The researchers discovered 8 apps, connected connection via Google Play and nan App Store, that contained hardcoded, unencrypted credentials for unreality services. On these services, nan apps stored delicate personification information, so, successful theory, should a malicious character get nan binaries, aliases root codes, of immoderate of these apps, they could easy exfiltrate people’s accusation and frankincense put them successful harm’s way.

Thousands of compromised websites

On Android, nan apps were The Pic Stitch (a collage-editing app for Android pinch much than 5 cardinal users), Meru Cabs (a taxi-hailing app pinch much than 5 cardinal users), Sulekha Business-List & turn (500K+ downloads), ReSound Tinnitus Relief (500,000 users), Saludsa (100,000+ users), Chola Ms Break In (100,000 users), EatSleepRIDE Motorcycle GPS (100,000 users), and Beltone Tinnitus Calmer (100,000 users).

Apple does not stock iOS app download figures, however, location are app shop ratings, which tin beryllium utilized to determine, astatine slightest successful part, nan number of downloads. Therefore, we person Crumbl (a desert-ordering app pinch 4.3 cardinal ratings), Eureka (a study app pinch much than 400,000 ratings), Videoshop (350K ratings), Solitaire Clash: Win Real Cash (240,000 ratings), and Zap Surveys - Earn Easy Money (235,000 ratings).

There is not overmuch end-users tin do here, since this is simply a problem pinch nan app itself, and thing nan developers could person easy remedied. Still, Symantec recommends installing an antivirus program and only downloading apps from reputable sources (such as, ahem, Google Play Store, aliases nan Apple Store).

Via The Register

Sign up to nan TechRadar Pro newsletter to get each nan apical news, opinion, features and guidance your business needs to succeed!

More from TechRadar Pro

Crypto fans beware — hundreds of Android apps recovered utilizing OCR to bargain login details
Here's a database of nan best firewalls today
These are nan best endpoint protection tools correct now

Sead is simply a seasoned freelance journalist based successful Sarajevo, Bosnia and Herzegovina. He writes astir IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, information breaches, laws and regulations). In his career, spanning much than a decade, he’s written for galore media outlets, including Al Jazeera Balkans. He’s besides held respective modules connected contented penning for Represent Communications.

Source Technology