The bad news regarding security continues, and in this case we return to the android world and a handful of popular applications that decided to keep the confidential data of their users in a rather irresponsible way.
It has been CheckPoint that has detected that several applications that add more than 100 million downloads, including some such as Logo Creator, AstroGuru, Screen Recorder or iFax, have been saving sensitive user data, including emails, passwords, photos and messages. , insecurely.
CheckPoint Research indicates that These apps are storing information in databases in an unprofessional way, without encrypting the data, so that any attacker can access sensitive information simply by querying the database of said apps.
If access to databases is not protected, attackers can analyze the urls responsible for the queries and imitate them, or intercept the requests, something that is not very difficult to do.
In this way, the researchers managed to obtain private content without the apps detecting it, without receiving a block, and all the information was in free text, perfectly visible to any curious.
They are real-time databases, and they are not protected by authentication. They are updated and consulted several times per second by the app, but they allow obtaining requests from outside of them.
CheckPoint has already notified communicators and Google of the problem, so the apps are already beginning to update their code to comply with the rules of common sense.