HackRead

Millions of apps are exposing sensitive & unencrypted user data

April 18th, 2018 Waqas Security, Leaks 0 comments

Security researchers at Kaspersky Lab discovered that about 4 million popular mobile apps are unreliable because they use insecure software development kits (SDKs), which leak user data in unencrypted form. The leaked data includes private information such as name, gender, age, income, email address, device information, GPS data, call history, SMS and phone number.


These SDKs are used solely for advertising purposes, and in this case the app developers are to blame because they have failed to protect ad-targeting data, which has to be transmitted to third-party advertisers.

The research findings were publicly disclosed at the RSA conference. At the conference, Kaspersky Lab security researcher Roman Unuchek stated that the scale of “careless application design” is much broader than they initially expected and the consequences are alarming.


“Millions of applications include third-party SDKs, exposing private data that can be easily intercepted and modified – leading to malware infections, blackmail and other highly effective attack vectors on your devices.”

Advertising is vital to the survival of a majority of e-commerce websites and app-based services: without it, developers of free mobile apps would find it difficult to earn the revenue needed to improve and support them.

SDKs have proven to be an excellent tool for integrating ads into mobile apps; these development tools are usually offered by third parties for free and can collect critical user information that helps in displaying targeted, relevant advertisements. The problem is that if the SDKs aren't properly secured, the security of the mobile app that uses them to display ads is compromised, and in turn, sensitive user data is leaked.

The researchers say they identified the issue while evaluating a number of dating apps, some of which were transmitting unencrypted information over the HTTP protocol. The cause was non-secure SDKs, which send the data to their servers without encrypting it and do so over HTTP, which is not as secure and reliable as HTTPS.

Information transmitted through HTTP is neither secure nor encrypted. Hence, the apps are leaking private and confidential user information and making mobile users vulnerable to all sorts of cybercrime, including spying, identity theft, and Man-in-the-Middle attacks.

“We searched for the two most popular HTTP requests – GET and POST. In GET requests user data is usually part of the URL parameters, while in GET requests user data is in the Content field of the request, not the URL. In our research, we looked for apps transmitting unencrypted user data using at least one of these requests, though many were exposing user data in both requests,” noted Unuchek.
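The check described in the quote, looking for user data in GET URL parameters and POST bodies sent over cleartext HTTP, can be run against your own app's captured traffic. The following is an added example, not Kaspersky Lab's tooling; the key list, the sample requests and the host `ads.example.test` are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumed parameter names, chosen from the data types the article lists
# (gender, age, income, email, GPS, phone). Exact match avoids "page" ~ "age".
PII_KEYS = {"name", "gender", "age", "income", "email",
            "lat", "lon", "latitude", "longitude", "phone"}
EMAIL_VALUE = re.compile(r"[^@\s]+@[^@\s]+\.[a-z]{2,}", re.I)

def audit_request(raw, scheme="http"):
    """Return (location, key, value) findings for one captured request.

    Only cleartext "http" captures are readable by an on-path observer,
    so a request sent over "https" produces no findings here.
    """
    if scheme != "http":
        return []
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        key, sep, value = line.partition(":")
        if sep:
            headers[key.strip().lower()] = value.strip()
    # GET-style exposure: user data in the URL query string.
    fields = [("url", k, v) for k, v in parse_qsl(urlsplit(target).query)]
    # POST-style exposure: user data in a form-encoded request body.
    ctype = headers.get("content-type", "")
    if method == "POST" and ctype.startswith("application/x-www-form-urlencoded"):
        fields += [("body", k, v) for k, v in parse_qsl(body)]
    return [(loc, k, v) for loc, k, v in fields
            if k.lower() in PII_KEYS or EMAIL_VALUE.fullmatch(v)]

# Constructed sample captures (not real traffic).
GET_SAMPLE = ("GET /ad?app_id=123&gender=f&age=29&lat=51.5072&lon=-0.1276 HTTP/1.1\r\n"
              "Host: ads.example.test\r\n\r\n")
POST_SAMPLE = ("POST /track HTTP/1.1\r\nHost: ads.example.test\r\n"
               "Content-Type: application/x-www-form-urlencoded\r\n\r\n"
               "sdk=4.2&contact=jane%40example.test&phone=%2B441234567890")

if __name__ == "__main__":
    for sample in (GET_SAMPLE, POST_SAMPLE):
        for finding in audit_request(sample):
            print(finding)
```
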

Another issue, the researchers claim, is that the intercepted data can be modified so that the application starts displaying malicious ads instead of authentic ones. Because users are then pushed to download the promoted apps, there is a good chance they would be downloading malware.


The researchers also observed that the apps involved already have millions of installations across the globe. The most common web domains used by ad networks that were found leaking data include rayjump.com, mopub.com, tappas.net, appsgeyser.com, and Nexage.com.

Kaspersky Lab researchers stated that over 63% of the mobile apps had shifted from HTTP to HTTPS by January 2018, but nearly 90% of these apps still use the HTTP protocol in various processes. These are the apps that are leaking unencrypted data. Developers need to switch completely to HTTPS and enable encryption for optimal security of user data and privacy. The research team at Kaspersky Lab has not named the apps or the advertisers behind the SDKs.

Meanwhile, you need to carefully analyze the permissions requested by the apps and what these can access on your mobile. Also, do consider using a trustworthy VPN service like IPVanish to keep traffic traveling between the device and server encrypted.
