Security breaches in mobile applications have unfortunately become commonplace, but there is another way for hackers to steal data: going directly to the poorly configured servers of the hosting services these applications use.
This is a warning to all developers: they must check the configuration of the cloud services their application uses to store user data. Zimperium security researchers have identified thousands of applications that expose sensitive information through their cloud services.
14% of apps were affected
Of the 1.3 million mobile applications analyzed by Zimperium, approximately 12,000 Android apps and more than 6,500 iOS apps used incorrectly configured Amazon, Microsoft, or Google servers. This represents 14% of cloud-based apps, each of which can therefore pose a serious security risk.
Although Zimperium has not seen these misconfigurations exploited by hackers, such bad practices can cause serious problems, such as theft of confidential data or even access to publishers’ infrastructure. The researchers cite the financial app of a large company as an example: if exploited, its flaws could allow access to banking information.
Cloud hosting service providers have data protection systems, but these are insufficient if the developer does not take the necessary precautions. Zimperium has approached many publishers so that they can correct the problem, but it is impossible to warn all developers.