May 21, 2021
After examining 23 Android applications, Check Point Research (CPR) noticed mobile app developers potentially exposed the personal data of over 100-million users through a variety of misconfigurations of third party cloud services.
The research was carried out by a team at CPR that included Aviad Danin, R&D team leader, Aviran Hazum, analysis and response team leader, Bogdan Melnykov, reverse engineer, Dana Tsymberg, cybersecurity analyst, and Israel Wernik, cybersecurity researcher, who published a blog with the findings after first alerting Google and the app developers.
Personal data included emails, chat messages, location, passwords and photos, which, in the hands of malicious actors could lead to fraud, identity-theft and service swipes.