A recent report from Appthority demonstrates that information belonging to millions of users has been leaked via apps with misconfigured Firebase databases. Firebase is one of the more popular mobile/web development platforms, powering app features like messaging, notifications, and authentication.
Winston Bond, Technical Director EMEA at Arxan has provided comment around this new data exposure.
Winston Bond, Technical Director EMEA at Arxan:
“According to a new report by Appthority, information belonging to millions of users has been leaked via apps with misconfigured Firebase databases.
Leaks like this confirm what we have been saying for a long time. Companies underestimate the threat vectors created by the widespread use of mobile applications. It is a relatively simple task to reverse engineer a mobile application giving access to IP, business logic or communication protocols so companies really need to take care of the integrity of their mobile applications and make it difficult to reverse engineer them.
It must be remembered that even if the database is secured behind a thick wall, the mobile app always has its own door. Even once protected from reverse engineering and tampering, companies need to ensure their security practices include detection and reporting of attacks within their app, as well as encrypting data end-to-end.”