Firebase Database is a cloud-hosted database used by app developers to build mobile and desktop-based apps in which data is stored and synchronized in real time. Data persists locally, and even when offline, real-time events continue to fire, providing a responsive experience to the end user.
Now, researchers at Avast Threat Labs found that more than 19,300 Android apps were exposing user data, including personally identifiable information (PII) gathered by the app, such as names, addresses, location data, and in some cases Passwords are also included, which is due to misconfiguration of the Firebase database. Researchers found that the flaw not only affected Android apps across categories, but it also affected apps in regions around the world, including Europe, Southeast Asia and Latin America.
Avast wrote in a blog post announcing its discovery, “These open instances put data stored and used by apps developed with Firebase at risk of theft. Can also contain plain text passwords.
In a blog post, malware researcher Vladimir Martanov at Avast explained—”Each of these open instances is a data breach event waiting to happen and could pose significant business, legal and regulatory risks if they occur. Potentially the personal information of more than 10% of users of Firebase-based apps could be at risk.”
Never do this on the Google Play Store:
1. Never download any app from Google Play Store without verifying it. Read the docs out there carefully, there will be many problems which would indicate that it is unsafe to download. There will even be language problems and spelling mistakes.
2. Don’t download apps that promise to reward you without asking you to pay anything or very little.
3. Never download an app without reading user reviews.
4. Don’t download apps that ask for permission that you are uncomfortable giving or that may reveal your secret details.
5. Never install apps without good anti-virus software. Mobile Anti-Virus helps protect you and your phone from online criminals.