Cybersecurity analysts discovered a popular Android app left its Firebase instance open, leading the browsing app with over 5 million downloads to leak users' browsing history that hackers could use for "extortion."
The Cybernews (opens in new tab) research team reported that "Web Explorer – Fast Internet," a browsing app for Android devices that claims to increase browsing speeds by 30% compared with other Android browsers, left an open instance that exposed app and user data. The open Firebase instance includes user data such as the user country, redirect initiating address, and redirect destination address. Firebase, a mobile app development platform, offers analytics, hosting, and cloud storage.
As the Cybernews researchers state, this data could be used by threat actors for extortion: “If threat actors could de-anonymize the app’s users, they would be able to check a bunch of information on browsing history for a specific user and use it for extortion.”
That said, the report also notes that this data wouldn't be enough for hackers to use effectively, as the attackers would need to find out where more user data would be stored by the app developers. However, cross-referencing the leaked data with additional details could still cause harm.
The app is rated highly on the Google Play Store, with an average user rating of 4.4 out of 5 stars. However, the app's listing page on the Google Play Store states that it was last updated in October 2020.
This could prove harmful, as the research team also discovered that Web Explorer – Fast Internet had hardcoded sensitive information on the client side, also known as "secrets." This means that hackers could also extract this information, and since it hasn't been updated in over two years, these secrets are still there.
Beware of suspicious messages
The open Firebase instance has reportedly been closed, meaning this information isn't accessible to attackers anymore. The Cybernews team reached out to the app developers but has yet to receive a reply.
The Cybernews team states: “Since the problem is now only partially solved and we received no response from the app developers, we can only guess what other information could be leaking through the application’s secrets.”
Users of the Android browser app should be aware of any suspicious emails or messages, as the exposed data could have led to threat actors de-anonymizing users and using this data for malicious means — whether it be phishing scams or ransomware attempts.
It's a good idea to stay protected online, and one of the best antivirus apps can help keep malware threats at bay. Recently, a vicious 'MoneyMonger' malware has been spotted using money-lending apps as bait to lure despondent victims into its predatory-loan lair.