(Subscribe to our Today's Cache newsletter for a quick snapshot of top 5 tech stories. Click here to subscribe for free.)
Several mobile apps, hosted in both iOS and Android, exposed crucial user data prone to misuse due to unsecured cloud storage, accordimg to app security firm Zimperium.
The research firm estimates 14% of mobile apps that use cloud storage had unsecure configurations making the data stored in them vulnerable to leaks and misuse.
"In apps around the world and in almost every category, our analysis revealed a number of significant issues that exposed Personally identifiable information (PII), enabled fraud and/or exposed IP or internal systems and configurations," Zimperium said in a blog.
PII data includes profile picture, personal address, financial information, and medical test data.
Configuration Information is needed for the normal operation of the app. This can be the entire cloud infrastructure scripts, web server config files, installation files and even passwords.
Also Read : French hacker says Koo app leaks user data, company denies
This kind of information could enable an attacker to understand the computing infrastructure of a company and eventually take over the backend infrastructure.
Some of the apps identified to be leaking substantial personal information were in the most widely used app categories like social media , travel, medical, payment, online shopping, gaming, fitness and gambling apps.
These apps were found to expose blank checks of users that can used to make fraudulent transactions via online shopping apps, exposing customer's payment information and allowing attackers to steal money.
The app security firm highlighted that in today’s world, we have an app for everything we want to do but apps need data that is constantly available and scalable.
Zimperium believes that app developers rely heavily on several cloud service providers that provide infrastructure to easily store data and real-time access to information.
Also Read : China to develop tech to deal with misbehaving apps, plug personal information leaks
They allow developers to turn over the “burden” of thinking about anything but the app they are developing, Zimperium said.
However the ease of use of these services also makes it easy for the developer to misconfigure access policies that can allow anyone to access and even alter data.
The research focused on four main cloud storage services that includes Amazon Web Services S3, Google Storage, Microsoft Azure and Google Firebase.
