According to a new report from the app company for mobile app Appthority, which carries the Mobile Threat Report to the 2nd quarter of 201
Appthority now reports that the problem occurs when app developers do not require authentication on Google Firebase cloud databases, something that is not enabled by default when developers use the popular development tool.
Appthority has found that of the 1,275 iOS apps that use a Firebase database, 600 are vulnerable. In total, more than 3,000 apps leaked data from 2,271 misconfigured databases. Among the leaked data are 2.6 million plain-text passwords and user IDs, more than 4 million protected health information records and 50,000 financial records.
"To properly secure data, developers must implement user authentication specifically for all database tables and rows, which is rare in practice," Appthority writes in the report. "In addition, it does not require attackers to find open Firebase app databases and gain access to millions of private mobile data app records."
As Bleeping Computer reported, Firebase is a Google product that includes backend tools for creating mobile apps. It is used by many Android developers, but iOS apps also use the data storage and analysis service. Appthority evaluated 2.7 million iOS and Android apps and identified 28,502 mobile apps (27,227 Android and 1,275 iOS) that stored data in Firebase backends.
Appthority also found that with increasing Firebase usage, the number of vulnerable apps also increased: 4.578 (9 percent) were vulnerable.
Appthority recommends that developers protect their data more effectively.
"You need a thorough security check," Appthority writes in the report. "Connections, self-developed apps, and public apps are available for employee productivity." "You may find it difficult to gain insight into the threat posed by this threat in EMM published corporate and public apps without an automated MTD solution focused on app threats and back-end vulnerabilities such as Appthority Mobile Threat Protection."
Google was notified of the issue and provided with a list of affected apps and servers.
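The missing-authentication condition the report describes can be checked in an app's own Firebase Realtime Database rules file. The following is an added example, not code from Appthority's report or from Google; it assumes the rules are exported as JSON, and the sample rules and the function names `is_open` and `audit_rules` are constructed for illustration.

```python
import json

# Constructed sample rules for illustration (not from any real app).
SAMPLE_RULES = json.loads("""
{"rules": {
  ".read": true,
  "users": {"$uid": {
    ".read": "auth != null && auth.uid === $uid",
    ".write": "auth != null && auth.uid === $uid"}},
  "health_records": {".write": "true"},
  "public_news": {".read": "auth != null"}
}}
""")

def is_open(expr):
    """True when a rule grants access unconditionally."""
    return expr is True or (isinstance(expr, str) and expr.strip() == "true")

def audit_rules(node, path="/", inherited=frozenset()):
    """Walk the rules tree and return (path, op, reason) findings.

    .read/.write grants cascade downward: once a parent allows access, a
    child rule cannot revoke it, so rules below an open parent are
    reported as ineffective.
    """
    findings = []
    open_here = set(inherited)
    for op in (".read", ".write"):
        if op not in node:
            continue
        if op in inherited:
            findings.append((path, op, "ineffective: parent already grants access"))
        elif is_open(node[op]):
            findings.append((path, op, "open to unauthenticated clients"))
            open_here.add(op)
    for key, child in node.items():
        if isinstance(child, dict):  # nested path, including $wildcards
            findings += audit_rules(child, path + key + "/", frozenset(open_here))
    return findings

if __name__ == "__main__":
    for finding in audit_rules(SAMPLE_RULES["rules"]):
        print(*finding, sep="  ")
```

In the sample, the per-user rules under `/users/$uid/` look correct in isolation but are reported as ineffective because the root `.read` is already open.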