A popular Android browser app with more than five million downloads on the Google Play Store may have been leaking user data including browser history, experts have claimed.
Cybernews (opens in new tab) says it discovered that the ‘Web Explorer – Fast Internet’ app had left its Firebase instance open – a mobile application development platform that’s designed to assist with analytics, hosting, and cloud storage.
At risk is five days’ worth of redirect data, including country, direct initiating address, redirect destination address, and user country, all presented by user ID.
Android Web Explorer data leak
Cybernews senior journalist Vilius Petkauskas, explains that getting their hands on this data alone may not be enough to give threat actors what they seek, however cross-referencing it with additional details could prove harmful.
The app was also found to be hardcoding on the client side, including keys relating to anonymized partial user browsing history, unique public identifiers, and a cross-server communication enabler.
“If threat actors could de-anonymize the app’s users, they would be able to check a bunch of information on browsing history for a specific user and use it for extortion,” CyberNews noted.
It has since been discovered that the open Firebase instance has been closed and is no longer accessible, which means that threat actors can no longer access sensitive data. However, it’s not all good news: Cybernews reached out to the app’s team about its findings, but it’s yet to receive a reply.
Further digging also uncovers that the app was last updated in October 2020, meaning that the hardcoded ‘secrets’ are likely still there. The researchers write: “…we can only guess what other information could be leaking through the application’s secrets”.
Fumali – Service providers Marketplace