Defective Android apps to have leaked personal data online


According to Check Point Research, 23 defective Android applications have been found to have put the personal data of more than 100 million users at risk.

Indeed, it was reported that sensitive data, including emails, messages, and passwords, with between 10,000 and 10 million downloads apiece, push notification, and cloud storage keys embedded, have been released online. The vulnerable applications have been identified as the ones used for astrology, taxis, logo-making, screen recording, and faxing.

It is believed that this exposure happened due to developers’ failure to follow best practices when configuring and integrating third-party cloud services into the applications. With a hybrid and multi-cloud strategy, data becomes dispersed across multiple clouds as well as their own datacentres, hence making data security even more difficult to manage as cloud infrastructure complexity grows. This is why data and cloud security are vital for apps to function properly.

Hence, it was advised that developers adopt data-centric security practices to protect data even if other security layers fail or are bypassed, as well as use technologies such as tokenization and format-preserving encryption to prevent a full-blown data breach. With the growing threats from cybercriminals, it is essential to have an effective mobile threat defense solution that can detect and respond to the different attacks all the while giving a positive user experience.

It was also recommended that users keep good password hygiene including not reusing passwords; not using passwords with obvious patterns; being careful on login attempts, password reset attempts, or account recovery attempts.