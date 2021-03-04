



Despite Apple’s efforts to keep iOS secure, it’s difficult to control how third-party apps store user data. A new study by mobile security firm Zimperium found that thousands of iOS and Android apps expose users’ personal information due to misconfiguration of cloud services.

As Wired reported, Zimperium analyzed over 1.3 million iOS and Android apps to identify cloud misconfigurations that could lead to user data breaches. Of all the apps analyzed, 47,000 iOS apps and 84,000 Android apps use public cloud services such as Amazon Web Services, Google Cloud, and Microsoft Azure on the back end instead of using their own servers.

The study shows that at least 14% of the apps that use public cloud services expose users' personal information, such as passwords and health data, due to misconfigurations that allow hackers to access or overwrite such data.

Zimperium CEO Shridhar Mittal explains that many of these developers haven’t properly configured the cloud services they use to avoid such violations.

Hacking groups have already performed this type of scan to find misconfigurations in cloud web services. Mittal also said that, in addition to sensitive user data, he found credentials, system configuration files, and server architecture keys in publicly exposed app storage that an attacker could use to gain deeper access to an organization's digital systems.

Cloud service providers, such as Amazon Web Services, have tools to detect possible misconfigurations, but the primary responsibility for avoiding this type of situation lies with the developer. Unfortunately, most users are unaware that trusted apps can expose their data to the web.

Zimperium contacted some of the developers of the analyzed apps, but most did not respond to requests to fix the issues in their apps. Researchers say that not only small developers' apps but also large corporate apps are affected by cloud service misconfigurations.

One of the apps in question is a Fortune 500 company's mobile wallet that exposes user session information and financial data. Another is a transportation app for big cities that exposes payment data. Researchers have also found a medical app that exposes test results and even user profile images.

Researchers hope that today’s report will help more developers recognize how to properly configure cloud services in their apps. You can read the full text on Wired’s website.

