Researchers analyzing Android apps have discovered serious cloud misconfigurations leading to the potential exposure of data belonging to over 100 million users, as reported by Information Security Buzz.
In a report published on Thursday by Check Point Research (CPR), the cybersecurity firm said no less than 23 popular mobile apps contained a variety of “misconfigurations of third party cloud services.”
According to CPR, the 23 Android apps examined — including a taxi app, logo maker, screen recorder, fax service, and astrology software — leaked data including email records, chat messages, location information, user IDs, passwords, and images. In 13 cases, sensitive data was publicly available in unsecured cloud setups. These apps accounted for between 10,000 and 10 million downloads each.
As to how this has come about, ZDNet finds that too many apps seek to integrate with real-time databases to store and synchronize data across different platforms. All to often, the developers of some of the apps examined failed to make sure authentication mechanisms were in place.
Such issues carry risks to consumers, Pravin Rasiah, VP of Product, CloudSphere, tells Digital Journal.
Central to these risks is the application and use of cloud computing. In Rasiah’s opinion: “While cloud-based applications provide numerous benefits in management, accessibility and scalability, it only takes one oversight in authorization to put customer data at risk.”
What is needed is good governance, Rasiah explains, noting: “Without a comprehensive view of the entire cloud landscape, any gaps in security can exist for a prolonged period of time, waiting for a threat actor to find and exploit the data within.”
There are measures that can be taken. As Rasiah recommends: “To combat this risk, businesses should leverage a cloud governance platform providing the real-time observability required to stay apprised of any changes or updates in policy.”
In terms of what success will look like, Rasiah foresees: “These security guardrails ensure IT teams can remediate any flaws as soon as they occur. This way, businesses can minimize the attack surface in the cloud and ensure data remains protected.”