More than 1,800 iOS and Android apps are leaking your data


smartphone apps

Alarms are being raised by Symantec, a cybersecurity organization, over the ease with which millions of people’s private information may be accessed via several apps, mostly those running iOS.

The problem would arise specifically from the reuse of valid Amazon Web Services (AWS) tokens. Which would grant access to a large number of information.

The reuse of hard-coded Amazon Web Services tokens has been identified as a severe security vulnerability in 1,859 applications, 98% of which are iOS-based. In fact, we discover the reuse of the same AWS credentials in 53% of the applications tested by Symantec. Tenfold increasing the danger of this data. For Symantec, the issue stems from the supply chain, particularly when developing apps using software development kits (SDKs).

Android and iOS apps pose data leak risks

AppStore

Gizchina News of the week


According to the company, the vulnerability is limited if the AWS code only allows access to a single file present in the Amazon Simple Storage Service (S3), however this is not the case in this instance. One of the instances is a B2B company’s SDK. Which gives clients access to all of the company’s cloud infrastructure keys in addition to its platform. There are more than 15,000 big and medium-sized businesses listed there. And Symantec claims that information about both customers and staff, as well as financial records, might accidentally be subjet of leaks.

According to Symantec, “to access the AWS translation service, the business has hard-coded the AWS access token. Anyone with the hard-coded access token, however, had complete, unrestricted access to all of the B2B enterprise’s AWS cloud services rather than just the translation cloud service.

The reuse of these tokens, which grant complete access to data on different applications, dramatically raises the danger of leakage. Even if it may be primarily inadvertent on the side of developers. According to Symantec’s investigation, 47% of the apps evaluated include AWS tokens. Which not only grant access to the files needed for coding, such as those in a private cloud area. But also to the millions of files kept by Amazon (S3).

Disclaimer: We may be compensated by some of the companies whose products we talk about, but our articles and reviews are always our honest opinions. For more details, you can check out our editorial guidelines and learn about how we use affiliate links.

Source/VIA :
Read Also:  Android users get three new security features in Apple style
Previous Redmi A1: This is how the new $100 smartphone looks like
Next Google Play Store finally allows third-party payments