Android app cloud authentication failures expose data of million. At least 23 popular apps were found to have misconfigurations third party cloud services on them; examples of these apps are Taxi app, screen recorder, logo maker, fax service, and astrology software. These apps were leaking data of email records, location, messages, passwords, images, and user ID’s. The current apps in question have anywhere from 10,000 to 10 million downloads. The Taxi app for example investigators were able to send one simple message to the app’s database and receive messages, phone numbers, names, pick-up, and drop- off locations. Researchers have published an advisory on Qualcomm MSM services the vulnerability that in theory could tamper with inject malicious code into Android.
