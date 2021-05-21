Cyber experts of Check Point Research (CPR) have uncovered a major security loophole in 23 Android apps on Google Play Store.

Most of the bad Android apps are related to astrology, taxi, logo-maker, screen recording, and fax. Together they have registered millions of installations around the world.

It is believed that more than 100 million people are at risk of falling victim to phishing scams, identity theft, and service-swipes.

Note: Service-swipes mean bad actors can try using the same username-password combination on other services to data-mine for more private information.

CPR has revealed that the app developers misconfigured the apps' backup data on third-party cloud storage. Due to the bad data management, personally identifiable data of the users such as emails, chat messages, location, passwords, and photos, may get into the hands of hackers.

"CPR researchers found that Astro Guru, popular astrology, horoscope and palmistry app with over 10 million downloads, has this misconfiguration. After users input their personal information such as their name, date of birth, gender, location, email and payment details, Astro Guru provides them personal astrology and horoscope prediction report. Imagine exposing sensitive data for a horoscope prediction!" noted the Check Point Research team.

Before making the report public, CPR experts contacted both Google and respective app developers to escalate security issues with regard to the cloud data backup misconfiguration. As of now, most of them have plugged the security loophole, while some are said to be working to resolve it.

There is no word if any bad actor having prior knowledge of these apps' cloud storage security issue to have stolen user data yet.

However, Android phone owners are advised to be wary of any suspicious emails from unknown senders seeking any financial data or information. Also, make sure to install anti-virus app on their devices and upgrade to the latest software update every time you get one.

