A popular Android role-playing game, Tap Busters: Bounty Hunter, leaked sensitive user data, including users’ private conversations, according to a report from Cybernews.
The app, which has over a million downloads on Google Play Store and a 4.5-star rating, left its database open to the public, allegedly leaking users’ private conversations for over five months, the report said.
The game’s app also left sensitive data hardcoded into the client side of the app, making it vulnerable to further leaks.
The leak was found to exist due to unprotected access to Firebase, Google’s mobile application development platform used for cloud-hosting database services. Unprotected access could allow anyone to access the database, compromising the security of users.
The unprotected data included sensitive information such as user IDs, usernames, timestamps, and private messages.
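For developers checking their own project for the kind of unprotected access described above, the following is an added example, not code from the Cybernews report or from the app. It assumes the database is a Firebase Realtime Database (the report as summarized here does not name the product) and audits a security-rules document for nodes readable or writable without authentication; both rule sets and the `messages` path are constructed for illustration.

```python
import json

# Constructed sample rules; the "messages" path is an assumption for illustration.
OPEN_RULES = json.loads("""{"rules": {
  ".read": true,
  ".write": "auth != null",
  "messages": {"$uid": {".read": "auth != null && auth.uid === $uid"}}
}}""")

HARDENED_RULES = json.loads("""{"rules": {
  ".read": false,
  ".write": false,
  "messages": {"$uid": {
    ".read": "auth != null && auth.uid === $uid",
    ".write": "auth != null && auth.uid === $uid"
  }}
}}""")


def is_public(expr):
    """True when a rule grants access to anyone: literal true or the string 'true'."""
    return expr is True or (isinstance(expr, str) and expr.strip() == "true")


def audit(node, path="/", inherited=frozenset()):
    """List (path, operation, reason) for each node open to unauthenticated clients.

    Rules cascade: access granted on a parent cannot be revoked by a child,
    so every child of a public node is reported as "inherited".
    """
    findings = []
    granted = set(inherited)
    for op in (".read", ".write"):
        if op in inherited:
            findings.append((path, op, "inherited"))
        elif is_public(node.get(op)):
            findings.append((path, op, "explicit"))
            granted.add(op)
    for key, child in node.items():
        if isinstance(child, dict):
            findings += audit(child, path.rstrip("/") + "/" + key, frozenset(granted))
    return findings


if __name__ == "__main__":
    for name, doc in (("open", OPEN_RULES), ("hardened", HARDENED_RULES)):
        print(name, audit(doc["rules"]))
```

In the open rule set the per-user restriction under `messages` has no effect, because the root-level read grant already covers every child path.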
Developers also left sensitive information, known as secrets, hardcoded in the application’s client side, making it easily vulnerable to reverse engineering attacks.
Tap Busters: Bounty Hunter was found to be one of thousands of apps on the Google Play Store vulnerable to data leaks, the report said.
Over 33,000 Android apps were also found to contain sensitive types of hardcoded secrets, leaving sensitive user data exposed to malicious threat actors.