Public cloud services are an important tool. Offerings from Microsoft, Amazon, and Google make it possible for a lot of developers to get their apps and services out there into the world. However, it can lead to some issues, too.
That’s been revealed by research done by Zimperium, reported by WIRED today. According to the researchers, there are many apps out there that are leaking data because of improperly configured cloud services. The mobile security firm analyzed more than 1.3 million Android and iOS apps. Interestingly, the research revealed that 84,000 Android apps and 47,000 apps –of those included in the research– use public cloud services from Microsoft, or Google, or Amazon.
At least 14 percent of those apps using the public cloud services have exposed personal user data. That information can include health data and passwords. The reason? Misconfigurations that makes it possible for hackers to access that information, or, in some cases, overwrite data.
Per the report:
It’s a disturbing trend,” says Shridhar Mittal, Zimperium’s CEO. “A lot of these apps have cloud storage that was not configured properly by the developer or whoever set things up and, because of that, data is visible to just about anyone. And most of us have some of these apps right now.
The report notes that the companies running these cloud services have some tools to combat these issues. And they do. But developers are also responsible, and the report indicates that a lot of the issues are coming from that part of the process. And there’s no way for users to know if their information is being leaked due to these cloud services misconfigurations.
The worst part is that some of these apps aren’t small. Some are popular. And some are coming from giant companies. And some are medical apps, too.
One of the apps in question is a mobile wallet from a Fortune 500 company that’s exposing some user session information and financial data. Another is a transportation app from a large city that’s exposing payment data. The researchers also found medical apps with test results and even users’ profile images out in the open.
You should go check out the full report at WIRED. The goal for this latest report appears to be to get developers in on how important it is to make sure cloud services configurations are properly set up. And, as a result, hopefully apps will stop leaking the sensitive information they are now.