Despite Apple’s efforts to keep iOS safe, it is difficult to have control over how third-party applications store user data. New research by mobile security company Zimperium found that thousands of iOS and Android apps are exposing users’ personal information due to improperly configured cloud services.
As reported by Wired, Zimperium analyzed more than 1.3 million iOS and Android apps to identify incorrect cloud settings that lead to user data exposure. Of all the apps reviewed, 47,000 iOS apps and 84,000 Android apps use public cloud services like Amazon Web Services, Google Cloud or Microsoft Azure on their backend instead of running their own servers.
The survey found that at least 14% of those applications that use public cloud services expose users’ personal information, which includes passwords and health data, due to incorrect settings that allow hackers to access and even overwrite such data.
Zimperium CEO Shridhar Mittal explains that many of these developers have not properly configured the cloud service they are using to prevent breaches like this.
Hacker groups are already doing this type of scanning to find incorrect cloud settings in web services. Mittal says that in addition to users’ confidential data, the researchers also found network credentials, system configuration files and server architecture keys in some of the exposed application storage, which attackers could use to gain deeper access to an organization’s digital systems.
Although cloud service providers, such as Amazon Web Services, have tools to detect possible misconfigurations, the primary responsibility for preventing this type of situation lies with the developers. Unfortunately, most users have no idea that their data can be exposed on the web by applications they trust.
Zimperium contacted the developers of some of the applications reviewed, but most of them did not respond to a request to fix the breach in their applications. The researchers say that not only small developers’ applications were affected by incorrect cloud service configurations, but also the applications of large companies.
One of the applications in question is a mobile wallet from a Fortune 500 company that exposes some user session information and financial data. Another is a transportation app from a major city that is exposing payment data. The researchers also found medical apps with test results and even users’ profile pictures out in the open.
Researchers hope that today’s report will make more developers aware of how to properly configure cloud services in applications. You can read the full story at Wired.