Comments: Personal details of over 100 million users exposed from Android applications

Comments by: Aviran Hazum, Manager of Mobile Research at Check Point Software Technologies

Most of the apps we took a look at are still exposing the data now. Data gathering, especially by a malicious actor, is very serious. Ultimately, victims become vulnerable to many different attack vectors, such as impersonations, identity theft, phishing and service swipes.

Our latest research sheds light on a disturbing reality where application developers place not only their data, but their private users’ data at risk. By not following best practices when configuring and integrating third-party cloud services into applications, tens of millions of users’ private data has been exposed.

We hope our research sends a strong message to the developer community to be extra careful on how they use and configure third-party cloud services. To solve this, developers need to scan their applications for the vulnerabilities we’ve outlined.

Comments by: Jonathan Knudsen, Senior Security Strategist, Synopsys Software Integrity Group

The recent research uncovering widespread misconfigurations in both the apps themselves and the databases where app data is stored isn’t surprising. And yet, the fact that users’ names, email addresses, birth dates, messaging data, location, passwords, payment information, and more are exposed is highly worrisome. The best way to safeguard security is for app developers to use a Secure Development Life Cycle, in which security is part of every phase of development, from design through implementation, testing, and maintenance.

In addition to misconfiguration issues, a highly important — and often neglected — part of secure development which impacts user data and privacy is managing the use of open source components. As highlighted in the recent Synopsys CyRC report, ‘Peril in a Pandemic’, almost two-thirds of the most popular apps in the Play Store contain vulnerabilities from open source components. Out of those, 94% of the vulnerabilities have publicly documented fixes, meaning the vulnerabilities can be eliminated if the app developers update the app to use the latest versions of the open source components.