Not long ago, CheckPoint Security researchers found databases exposed online that belonged to Android application developers. The databases did not require authentication or any security check to access them and in turn exposed data such as emails, location data, chat messages, photos, and passwords belonging to users of the apps. Some apps were more popular than others, including Astro Guru, T’Leva, Screen Recorder, and iFax along with nine others. Some of the apps also do not require a key when accessing the push notification manager, which could allow for malicious links to be added to push notifications. Although the apps themselves are not malicious, the security controls surrounding them are dangerously lacking.
By Anthony Zampino Introduction Leading up to the most recent Russian invasion of Ukraine in