According to Check Point Study (CPR), recently found that over the past few months, many application developers have left their data and personal information to millions of users, not following best practices in configuring and integrating third-party cloud services into their applications.
The wrong configuration puts users ‘personal data and developers’ internal resources, such as access to update mechanisms, storage and others at risk, the report said.
Personal data includes emails, chat messages, location, passwords and photos, which in the hands of malicious actors can lead to fraud, identity theft and relocation of services.
According to the report, researchers found that Astro Guru – the popular app for astrology, horoscope and palmistry with over 10 million downloads – has the wrong configuration.
After users enter their personal information, such as name, date of birth, gender, location, email and payment details, Astro Guru provides them with a personal astrology report and horoscope, the report said.
This incorrect real-time database configuration is not new and continues to be widespread, affecting millions of users, the report said.
All CPR researchers had to do was try to gain access to the data. There is nothing in place to stop unauthorized access from happening, he added.
The report says that an effective solution to protect against mobile threats must be able to detect and respond to various attacks, while providing a positive user experience.