Researchers find personal data of users exposed on Google’s app development platform

Investigation finds that user data stored by apps on Google’s Firebase platform is a serious data breach waiting to happen.

Nearly 19,000 out of 180,300 databases on Firebase were found to be exposed, leaving them open to unauthorised access, in a research study conducted by Avast Threat Labs in July this year, the antivirus software company revealed in a blog. The exposure, simply put, leaves nearly 10.7 percent of tested Play Store apps open to legal, regulatory, and financial risks such as theft.

Firebase is Google’s mobile and web app development platform. The Google Play store has over 3 million apps in total as Android is the most popular mobile operating system in the world.

Applications store and use a variety of user data, which includes personally identifiable information like names, birthdates, addresses, phone numbers, location, service tokens, and keys, among other things. The vulnerability puts the data stored and used by Firebase-based apps at severe risk of misuse by cybercriminals and hackers.

What did Avast do with its findings? 

Avast clarified that these IP addresses were statically and dynamically extracted from Android apps. It found the situation to be alarming as the app databases also contain plaintext passwords. The company said that given the nature of the problem, users cannot protect themselves against potential data breaches and that the problem will have to be resolved from the developer’s end.

The firm reasoned that the flaw is a result of misconfiguration by app developers who resort to bad practices at times.


“Of course, our testing shows only a subset of all existing Firebase instances. However, we believe that this 10.7% number can be a reasonable representative sample of the total number of Firebase instances that are currently open,” Avast wrote in its blog. 

It wrote that it presented the details to Google and urged them to “inform developers of the apps we identified as open.” It also reached out to some of the developers and advised them to follow the practices laid down by Google itself.

Instances of vulnerable apps found on Google Play store

August 2021: Eight apps masquerading as cryptocurrency mining apps were identified as malware because of a report by Trend Micro, a cyber security research firm. The report stated that these apps tricked victims into watching ads, paying for subscription services with an average monthly fee of $15, and paying for increased mining capabilities without getting anything in return.

July 2021: Google’s Android app had a vulnerability that could have allowed an attacker to quietly steal personal data from a victim’s device, Sergey Toshin, founder of mobile app security startup Oversecured, said in a blog post. The app, which offers services like Search, Discover, and Explore, has more than five billion installs to date.

December 2020: A security flaw in a popular Android library left around 8 percent of Android apps available on the Google Play Store vulnerable, according to security firm Check Point, ZDNet reported.

May 2020: Security researchers found a major vulnerability in almost every version of Android, which lets malware imitate legitimate apps to steal app passwords and other sensitive data. The vulnerability was dubbed StrandHogg 2.0 and affected all devices running Android 9.0 and earlier, according to TechCrunch.

March 2020: Check Point discovered 56 apps containing a malware programme that had infected a total of 1 million devices. The malware programme was designed to evade detection by Google Play Protect and then click on ads fraudulently.



MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ
