#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News
State of SaaS

mobile application development | Breaking Cybersecurity News | The Hacker News

Category — mobile application development
Over 4000 Android Apps Expose Users' Data via Misconfigured Firebase Databases

Over 4000 Android Apps Expose Users' Data via Misconfigured Firebase Databases

May 12, 2020
More than 4,000 Android apps that use Google's cloud-hosted Firebase databases are 'unknowingly' leaking sensitive information on their users, including their email addresses, usernames, passwords, phone numbers, full names, chat messages and location data. The investigation, led by Bob Diachenko from Security Discovery in partnership with Comparitech, is the result of an analysis of 15,735 Android apps, which comprise about 18 percent of all apps on Google Play store. "4.8 percent of mobile apps using Google Firebase to store user data are not properly secured, allowing anyone to access databases containing users' personal information, access tokens, and other data without a password or any other authentication," Comparitech said. Acquired by Google in 2014, Firebase is a popular mobile application development platform that offers a variety of tools to help third-party app developers build apps, securely store app data and files, fix issues, and ev...
Thousands of Mobile Apps Expose Their Unprotected Firebase Hosted Databases

Thousands of Mobile Apps Expose Their Unprotected Firebase Hosted Databases

Jun 21, 2018
Mobile security researchers have discovered unprotected Firebase databases of thousands of iOS and Android mobile applications that are exposing over 100 million data records, including plain text passwords, user IDs, location, and in some cases, financial records such as banking and cryptocurrency transactions. Google's Firebase service is one of the most popular back-end development platforms for mobile and web applications that offers developers a cloud-based database, which stores data in JSON format and synced it in the real-time with all connected clients. Researchers from mobile security firm Appthority discovered that many app developers' fail to properly secure their back-end Firebase endpoints with firewalls and authentication, leaving hundreds of gigabytes of sensitive data of their customers publicly accessible to anyone. Since Firebase offers app developers an API server, as shown below, to access their databases hosted with the service, attackers can gain acce...
The $10 Cyber Threat Responsible for the Biggest Breaches of 2024

The $10 Cyber Threat Responsible for the Biggest Breaches of 2024

Jan 16, 2025Identity Protection / SaaS Security
You can tell the story of the current state of stolen credential-based attacks in three numbers: Stolen credentials were the #1 attacker action in 2023/24, and the breach vector for 80% of web app attacks . (Source: Verizon). Cybersecurity budgets grew again in 2024, with organizations now spending almost $1,100 per user (Source: Forrester).  Stolen credentials on criminal forums cost as little as $10 (Source: Verizon). Something doesn't add up. So, what's going on? In this article, we'll cover: What's contributing to the huge rise in account compromises linked to stolen creds and why existing approaches aren't working.  The world of murky intelligence on stolen credentials, and how to cut through the noise to find the true positives. Recommendations for security teams to stop attackers from using stolen creds to achieve account takeover. Stolen credential-based attacks are on the rise There's clear evidence that identity attacks are now the #1 cyber threat f...
Apple will let users run iOS apps on macOS

Apple will let users run iOS apps on macOS

Jun 06, 2018
Apple is making it easier for mobile developers to port their iOS apps to the next-generation macOS Mojave desktop platform—a major step in bringing the two platforms closer together. However, at the same time, the company straightforward denied the idea of merging the iPhone and Mac operating systems into one platform, which was being speculated for years. So, Apple made it clear that iOS and macOS will continue to be separate products. Rumors of iOS apps coming to the Mac have been around since 2017, and yesterday at Apple's WWDC 2018 event, Apple senior vice president of software engineering Craig Federighi just confirmed this while concluding his keynote. Though iOS and macOS share similar underlying frameworks, both are separate operating systems with their own separate software libraries, called UIKit used by iOS and AppKit used by macOS, which have made porting iOS apps to Mac difficult, said Federighi. "iOS devices and macOS devices of course are different...
cyber security

2024: A year of identity attacks | Get the new ebook

websitePush SecurityIdentity Security
Identity attacks were the leading cause of breaches in 2024. Learn how tooling and techniques are evolving.
Google Play Store increases Android APK Size Limit from 50MB to 100MB

Google Play Store increases Android APK Size Limit from 50MB to 100MB

Sep 30, 2015
Google is doubling the maximum APK file size on the Play Store from 50 MB to 100 MB . That means... Android app developers can now build higher quality Apps and Games that users love. Of course, for an end user it may affect the overall app performance and installation time, as well as mobile data connectivity. Google Wants Developers to Create Richer Apps By increasing file size limit from 50 MB to 100 MB, Google wants to encourage developers for creating richer apps and games , as well as help avoid the need for downloading additional files after the initial APK download. There are two primary purposes of setting a cap for APKs. The limit ensures: Developers write code efficiently and keep an eye on the overall size of their app Users don't have to wait too long to download an app or game from the Play Store However,  Expansion Files are still there to help developers build apps that exceed the 100MB barrier , but the aim to increase the bas...
Google Photo App Uploads Your Images To Cloud, Even After Uninstalling

Google Photo App Uploads Your Images To Cloud, Even After Uninstalling

Jul 13, 2015
Have you ever seen any mobile application working in the background silently even after you have uninstalled it completely? I have seen Google Photos app doing the same. Your Android smartphone continues to upload your phone photos to Google servers without your knowledge , even if you have already uninstalled the Google Photos app from your device. Nashville Business Journal editor David Arnott found that Google Photos app uploaded all his personal photographs from the device into the service even after uninstalling it. Arnott provided a video demonstration showing that after uninstalling the Google Photos app from his Samsung smartphone, the photograph he took off his coffee mug still wound up being synced into his account on the web. "Months ago, I downloaded the [Photos] app to play with it, but I did not like it and so un-installed the app after just a few days," Arnott tweeted Wednesday. "This evening, I went back to Google Photos on my l...
Verizon FiOS app vulnerability Exposes 5 MILLION Customers' Email Addresses

Verizon FiOS app vulnerability Exposes 5 MILLION Customers' Email Addresses

Jan 19, 2015
A critical vulnerability discovered in Verizon 's FiOS mobile application allowed an attacker to access the email account of any Verizon customer with relative ease, leaving almost five million user accounts of Verizon's FiOS application at risk. The FiOS API flaw was discovered by XDA senior software developer Randy Westergren on January 14, 2015, when he found that it was possible to not only read the contents of other users' inboxes, but also send message on their behalf. The issue was discovered while analyzing traffic generated by the Android version of My FiOS , which is used for account management, email and scheduling video recordings. Westergren took time to put together a proof-of-concept showing serious cause for concern, and then reported it to Verizon. The telecom giant acknowledged the researcher of the notification the same day and issued a fix on Friday, just two days after the vulnerability was disclosed. That's precisely how it shou...
Expert Insights / Articles Videos
Cybersecurity Resources