A popular Android browser app with more than five million downloads on the Google Play Store may have been leaking user data including browser history, experts have claimed.
Cybernews says it discovered that the “Web Explorer - Fast Internet” app had left open its instance of Firebase, a mobile application development platform that’s designed to assist with analytics, hosting, and cloud storage.
At risk is five days’ worth of redirect data, including country, direct initiating address, redirect destination address, and user country, all presented by user ID.
[HEADING=1]Android Web Explorer data leak[/HEADING]
Cybernews senior journalist Vilius Petkauskas explains that getting their hands on this data alone may not be enough to give threat actors what they seek; however, cross-referencing it with additional details could prove harmful.
The app was also found to be hardcoding secrets on the client side, including keys relating to anonymized partial user browsing history, unique public identifiers, and a cross-server communication enabler.
“If threat actors could de-anonymize the app’s users, they would be able to check a bunch of information on browsing history for a specific user and use it for extortion,” Cybernews noted.
It has since been discovered that the open Firebase instance has been closed and is no longer accessible, which means that threat actors can no longer access sensitive data. However, it’s not all good news: Cybernews reached out to the app’s team about its findings, but it’s yet to receive a reply.
Further digging also uncovers that the app was last updated in October 2020, meaning that the hardcoded “secrets” are likely still there. The researchers write: “…we can only guess what other information could be leaking through the application’s secrets”.