Popular Android app with over 5 million downloads exposes user data

Close up of woman's hand using Android smartphone in the dark
(Image credit: Getty Images / d3sign)

Cybersecurity analysts discovered a popular Android app left its Firebase instance open, leading the browsing app with over 5 million downloads to leak users' browsing history that hackers could use for "extortion."

The Cybernews (opens in new tab) research team reported that "Web Explorer – Fast Internet," a browsing app for Android devices that claims to increase browsing speeds by 30% compared with other Android browsers, left an open instance that exposed app and user data. The open Firebase instance includes user data such as the user country, redirect initiating address, and redirect destination address. Firebase, a mobile app development platform, offers analytics, hosting, and cloud storage. 

As the Cybernews researchers state, this data could be used by threat actors for extortion: “If threat actors could de-anonymize the app’s users, they would be able to check a bunch of information on browsing history for a specific user and use it for extortion.”

(Image credit: Android)

That said, the report also notes that this data wouldn't be enough for hackers to use effectively, as the attackers would need to find out where more user data would be stored by the app developers. However, cross-referencing the leaked data with additional details could still cause harm.

The app is rated highly on the Google Play Store, with an average user rating of 4.4 out of 5 stars. However, the app's listing page on the Google Play Store states that it was last updated in October 2020.

This could prove harmful, as the research team also discovered that Web Explorer – Fast Internet had hardcoded sensitive information on the client side, also known as "secrets." This means that hackers could also extract this information, and since it hasn't been updated in over two years, these secrets are still there. 

Beware of suspicious messages

The open Firebase instance has reportedly been closed, meaning this information isn't accessible to attackers anymore. The Cybernews team reached out to the app developers but has yet to receive a reply.

The Cybernews team states: “Since the problem is now only partially solved and we received no response from the app developers, we can only guess what other information could be leaking through the application’s secrets.”

Users of the Android browser app should be aware of any suspicious emails or messages, as the exposed data could have led to threat actors de-anonymizing users and using this data for malicious means — whether it be phishing scams or ransomware attempts.

It's a good idea to stay protected online, and one of the best antivirus apps can help keep malware threats at bay. Recently, a vicious 'MoneyMonger' malware has been spotted using money-lending apps as bait to lure despondent victims into its predatory-loan lair. 

Darragh Murphy is fascinated by all things bizarre, which usually leads to assorted coverage varying from washing machines designed for AirPods to the mischievous world of cyberattacks. Whether it's connecting Scar from The Lion King to two-factor authentication or turning his love for gadgets into a fabricated rap battle from 8 Mile, he believes there’s always a quirky spin to be made. With a Master’s degree in Magazine Journalism from The University of Sheffield, along with short stints at Kerrang! and Exposed Magazine, Darragh started his career writing about the tech industry at Time Out Dubai and ShortList Dubai, covering everything from the latest iPhone models and Huawei laptops to massive Esports events in the Middle East. Now, he can be found proudly diving into gaming, gadgets, and letting readers know the joys of docking stations for Laptop Mag.