Tens of Thousands of Android and iOS Apps expose user data: Zimperium

According to the mobile security company Zimperium; thousands of Android and iOS apps exposed user data due to popular cloud misconfigurations. These cloud misconfiguration issues were discovered in 14% of the total testing base of over 1.3 million Android and iOS users.

Tens of Thousands of Android and iOS Apps expose user data: Zimperium

Malicious attackers may be able to take advantage of the information that has been leaked as a result of the flaws. Misconfiguration issues were discovered on apps utilizing common public cloud services such as Amazon Web Services, Google Cloud, and Microsoft Azure, according to the researchers.

Among other applications, a Fortune 500 company’s mobile wallet was discovered to be revealing users’ session and payment details, which could lead to fraud.

Zimperium researchers performed an automated study of over 1.3 million Android and iOS apps and discovered misconfiguration issues in 14% of the overall testing base. The company said in a blog post that it discovered apps that leak all cloud infrastructure scripts and meanings, including SSH keys.

Some medical and social media applications, as well as a popular game and a fitness app, were among the apps that exposed PII. The fraud was also discovered in major city transit, online retailers, and gambling apps.

Furthermore, major music, news, mobile payments wallet, airport, hardware developer, and Asian government travel apps were discovered to reveal IP and device information.

However, Zimperium did not disclose the exact names of the apps that were leaking data.

According to Wired, users’ confidential information was exposed by a total of 11,877 Android apps and 6,608 iOS apps due to popular cloud misconfigurations. Amazon, Google, and Microsoft, for example, provide ways to shield data from being exposed to the cloud.

Importantly, Zimperium is one of the three mobile protection companies that have joined Google’s App Defense Alliance, which aims to provide automated app scanning for Google Play.

Comments

Popular posts from this blog

12 Things to Consider Before Adopting a Cat