An Android browser may have leaked the details of millions of its users. As many as five million users could have had their data compromised, according to reports.
Android Browser Just Might Have Leaked the Details of Millions of Its Users
One popular Android browser app with over five million downloads on the Google Play Store may have been leaking user data, including browsing history, experts have reported.
Cybernews claims that it discovered that the ‘Web Explorer – fast Internet’ app had left its Firebase instance open. Firebase is a mobile application development platform designed to assist users with hosting, analytics, and cloud storage.
At risk is five days’ worth of redirected data, including country, direct initiating address, redirect destination address, and user country, all presented by user ID.
Vilius Petkauskas, a senior journalist at Cybernews, explains that getting hold of this data alone may not be enough to give threat actors what they really want; however, cross-referencing it with additional details could prove harmful.
The App Was Found To Be Hardcoding Keys on the Client Side
The app was also found to be hardcoding secrets on the client side, including keys related to anonymized partial user browsing history, unique public identifiers, and a cross-server communication enabler.
“If threat actors could de-anonymize the app’s users, they would be able to check a bunch of information on browsing history for a specific user and use it for extortion,” Cybernews noted.
The open Firebase instance has since been closed and is no longer accessible, which means that threat actors can no longer access that sensitive data. It's not all good news, however: Cybernews has reportedly reached out to the app's team regarding its findings but has yet to receive a reply.
The App Was Last Updated in October 2020 – What It Means
Further digging also revealed that the app was last updated in October 2020, meaning that the hardcoded secrets are very much still there. The researchers write: “…we can only guess what other information could be leaking through the application’s secrets”.