Security researchers at Check Point recently reported on the discovery of a series of Android apps with poor security that users need to immediately remove from their phones to avoid leaking personal data when using them. use.
In their report, security researchers said that there are about 23 applications available on Google Play that violate privacy guidelines in collecting and storing user information. Each app has between 50,000 and 10 million downloads.
Of those 23 apps, 13 store user data in the cloud but are not secure enough to allow hackers to access public data.
Even hackers can take advantage of the vulnerability to modify the developer’s notice, and replace it with misleading content or malicious links.
According to this report, at least 100 million Android users are at risk of phishing, identity theft, and malware attacks due to these vulnerabilities.
However, Check Point only lists 5 out of 13 applications that need attention, including:
Astro Guru: A horoscope app that stores the user’s full name, date of birth, gender, GPS location, email address, and payment information. This app has more than 10 million downloads.
iFax: A mobile fax application. This application stores in a cloud database all documents submitted by more than 500,000 users.
Logo Maker: A logo design application that stores the full names, account IDs, emails and passwords of over 170,000 users.
Screen Recorder: The developer of this app stored users’ passwords unsecured on a cloud service, making the data vulnerable to leaks. This app has been downloaded more than 10 million times.
T’Leva: A taxi-hailing app from Angola that keeps a history between drivers and riders, accessible location data, names and phone numbers. This app has been downloaded more than 50,000 times.
Check Point has notified the app developers of its findings. However, they have only received feedback from Astro Guru, and some of the above applications are still available on Google Play.