User data not secure with thousands of apps – due to incorrect settings

A report shows that numerous apps release personal user data through incorrect cloud configurations. Including names and email addresses, passwords and even medical information.

More than 18,000 unsafe apps found

Internet security company “Zimperium” has now found out that numerous apps for iOS and Android are also affected by this problem, as the magazine ” Wired “ reports. The company scanned more than 1.3 million apps using an automated process. It looked for known configuration errors when setting up the cloud. If companies are not careful enough in handling security measures, they make cloud data vulnerable.

10 percent of the apps scanned – around 131,000 in total – use cloud services. The security researchers have found that 14 percent of them have incorrectly configured cloud settings. A total of 11,877 Android apps and 6608 iOS apps are affected.

For Shridhar Mittal, CEO of Zimperium, these results are appalling. He told Wired, “A lot of these apps have cloud storage that hasn’t been configured properly by the developer or whoever is setting it up. And that’s why the data is visible to pretty much everyone. And most of us currently have these apps installed. “

Widely used apps can also be unsafe

According to their own statements, the researchers turned to the companies concerned. However, most of them would not have reported back and thus continue to have unprotected data. For this reason, Zimperium does not name the apps affected. Among the scanned apps are also some that have several million users. One of them is a digital wallet being developed by a Fortune 500 company. The app leaks data about user sessions and finances. Another is the official transportation app for a large city. The app reveals payment information. Another medical app shows test results and profile pictures.

Hackers can access such poorly protected information with relatively simple attacks. According to Zimperium, some companies are so poorly protected that even network logins and configuration files are visible. This makes it easy for attackers to penetrate deep into the company infrastructure.

After all, app developers could counteract the problem relatively easily. In many cases it would be enough to tick a few additional ticks in the cloud configuration. In the meantime, users have to pay even more attention to what personal information they pass on in apps.