1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • This Android browser might have leaked the details of millions of

    From TechnologyDaily@1337:1/100 to All on Thu Dec 15 19:45:04 2022
    This Android browser might have leaked the details of millions of users

    Date:
    Thu, 15 Dec 2022 19:29:49 +0000

    Description:
    Android browser app was last updated two years ago, and has been leaking its users redirect data and more.

    FULL STORY ======================================================================

    A popular Android browser app with more than five million downloads on the Google Play Store may have been leaking user data including browser history, experts have claimed.

    Cybernews says it discovered that the Web Explorer - Fast Internet app had left its Firebase instance open - a mobile application development platform thats designed to assist with analytics, hosting, and cloud storage .

    At risk is five days worth of redirect data, including country, direct initiating address, redirect destination address, and user country, all presented by user ID. Android Web Explorer data leak

    Cybernews senior journalist Vilius Petkauskas, explains that getting their hands on this data alone may not be enough to give threat actors what they seek, however cross-referencing it with additional details could prove harmful.

    The app was also found to be hardcoding on the client side, including keys relating to anonymized partial user browsing history, unique public identifiers, and a cross-server communication enabler. Read more

    These are the best firewall tools


    Millions of Twitter users have had their data leaked online


    Sequoia breach sees hackers access customer Social Security numbers and
    COVID-19 test results

    If threat actors could de-anonymize the apps users, they would be able to check a bunch of information on browsing history for a specific user and use it for extortion, CyberNews noted.

    It has since been discovered that the open Firebase instance has been closed and is no longer accessible, which means that threat actors can no longer access sensitive data. However, its not all good news: Cybernews reached out to the apps team about its findings, but its yet to receive a reply.

    Further digging also uncovers that the app was last updated in October 2020, meaning that the hardcoded secrets are likely still there. The researchers write: ...we can only guess what other information could be leaking through the applications secrets. Secure your data with the best ID theft protection



    ======================================================================
    Link to news story: https://www.techradar.com/news/this-android-browser-might-have-leaked-the-deta ils-of-millions-of-users


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)