Home » Malwares » News Room » Malicious Android apps are now exposing the personal data of more than 100,000 users’

Malicious Android apps are now exposing the personal data of more than 100,000 users’

Disclosure: All information on this site is harmless and purely for educational purposes which is why we post only authentic, unbiased information! The affiliate links are really there for discounts for our readers and for us to earn small commissions that help us stay afloat! Thanks!

Security firm CheckPoint in their latest report revealed that more than 23  malicious Android apps carried a variety of cloud misconfigurations. These misconfigurations are due to the data exposure of more than 100 million users.

The company confirmed that the issue originates from misconfiguring the: 

  • Cloud storage keys
  • Push notifications
  • Emails
  • Chat messages
  • Photos
  • Phone numbers
  • Location
  • Passwords
  • Browsing history
  • Backups
  • Real-time database

Besides this, the researchers also found that the app developers have embedded keys needed to send the push notifications and access the cloud storage services into the apps. This favors the threat actors as they can send a rogue or bogus notification to all users and pretends to the developer. Moreover, they can target the victims by launching a phishing attack and getting an entry point for committing more sophisticated attacks.

The Android apps that were examined in the report include; logo maker, screen recorder, fax service, taxi app, and astrology software.  These apps receive 10,000 to 100 million downloads. All these apps leaked chat messages, email records,  images, IDs, passwords, and location details.

The most alarming thing is that some users’ data are publicly available in the unsecured cloud setup. The misconfiguration issues with the malicious Android apps that it is a comprehensive issue and can be exploited for malicious purposes.

According to the researchers, these security flaws are because the developers are failing to implement the best practices when configuring and integrating the third-party cloud services into their applications.

The report also highlighted that only a few apps altered their configuration in response to the exposure. This leaves the users to remain vulnerable to potential threats such as identity theft and password theft.

Previously, the researchers published an advisory on Qualcomm MMS data service that can be used to transfer malicious code into Android handset modems.

Now, it is high time for the Android developers to look into this matter seriously and adopt every possible way to protect user online privacy.


Unlock the power of online security with our in-depth reviews and expert insights. Discover the best VPNs, password managers, and privacy tools to safeguard your digital world.