Despite the obvious benefits of contemporary cloud-based, mobile application development solutions—such as cloud storage, notification management, real-time databases, and analytics—many developers of these solutions fail to properly take into account the potential security risks involved when these apps are misconfigured.
Most recently, Check Point Research has discovered misconfigurations and implementation issues that have exposed the data of 100 million mobile application users. This kind of exposure places both the users as well as the app developers at risk of reputation threats and security damage. In this instance, the developers left open notification managers, storage locations and real-time databases to access by attackers, thus leaving 100 million users vulnerable.
In terms of real-time databases, cloud services can help mobile app users sync their data to the cloud in real time. However, when developers do not correctly implement this service with authentication, any user can theoretically access that database, including all mobile customer data. In fact, researchers expressed surprise at facing no obstacles to accessing these open databases for certain apps on Google Play. Some of the aspects obtainable in this case were device locations, email addresses, passwords, private chats and user identifiers, among other attack vectors. Such vulnerabilities leave all of these users at risk for fraud and identity theft.