Due to a developer error, 5 million users could become victims of ransomware attacks.
Cybernews researchers found that Android web surfing app "Web Explorer - Fast Internet" exposes sensitive app data and users' browsing history.
The data disclosure came about because the developers left the user database open on the Firebase mobile app development platform. The base contains information about the transitions to web pages and information about the user's country of residence. Cybercriminals can use browser history to extort victims, experts say.
Also, on the client side, the application has a hardcoded "firebase_database_url" key that points to a database containing the web client ID.
Also in the application are 2 hard-coded keys:
google_crash_reporting_key allows a cybercriminal to simulate requests, breaking application crash reporting and negatively impacting performance.
google_storage_bucket allows you to read and write any information in a dedicated bucket in Google Cloud Service (GCS), which may lead to further disclosure of sensitive user data.
The application "Web Explorer - Fast Internet" is designed for web surfing, and the developers promise an increase in browsing speed by 30%. The program with a score of 4.4 has been downloaded by more than 5 million users.
Comments 0