ADVERTISEMENT
Data of 10 crore Android phone users compromisedIt is believed that more than 10 crore people are at risk falling victim to phishing scam, identity-theft, and service-swipes.
Rohit KVN
DH Web Desk
Last Updated IST
23 Android apps are said to have security loophole in cloud storage backup system. Picture Credit: Pixabay
23 Android apps are said to have security loophole in cloud storage backup system. Picture Credit: Pixabay

Cyber experts of Check Point Research (CPR) have uncovered a major security loophole in 23 Android apps on Google Play Store.

Most of the bad Android apps are related to astrology, taxi, logo-maker, screen recording, and fax. Together they have registered millions of installations around the world.
It is believed that more than 10 crore people are at risk of falling victim to phishing scams, identity theft, and service-swipes.

Note: Service-swipes mean bad actors can try using the same username-password combination on other services to data-mine for more private information.

ADVERTISEMENT

CPR has revealed that the app developers misconfigured the apps' backup data on third-party cloud storage. Due to the bad data management, personally identifiable data of the users such as emails, chat messages, location, passwords, and photos, may get into the hands of hackers.

"CPR researchers found that Astro Guru, popular astrology, horoscope and palmistry app with over 1 crore downloads, has this misconfiguration. After users input their personal information such as their name, date of birth, gender, location, email and payment details, Astro Guru provides them personal astrology and horoscope prediction report. Imagine exposing sensitive data for a horoscope prediction!" noted the Check Point Research team.

Before making the report public, CPR experts contacted both Google and respective app developers to escalate security issues with regard to the cloud data backup misconfiguration. As of now, most of them have plugged the security loophole, while some are said to be working to resolve it.

There is no word if any bad actor having prior knowledge of these apps' cloud storage security issue to have stolen user data yet.

However, Android phone owners are advised to be wary of any suspicious emails from unknown senders seeking any financial data or information. Also, make sure to install anti-virus app on their devices and upgrade to the latest software update every time you get one.

Get the latest news on new launches, gadget reviews, apps, cybersecurity, and more on personal technology only on DH Tech.

ADVERTISEMENT
(Published 21 May 2021, 22:14 IST)