This Android app found leaking users’ private chat – Times of India
Over the last few years, voice chat apps have become essential for education, learning, socializing, gaming, and work-related purposes. With numerous apps in the market, including popular ones such as Zoom, Skype, Google Meet, Microsoft Teams, Discord, and WhatsApp, voice-chat functionalities are widely available.
But one of the voice chat apps on Android has been leaking users’ private calls. Research by Cybernews has revealed that the OyeTalk app, which has five million downloads on the Google Play Store and a 4.1 out of 5-star rating from 21,000 reviews, had left its database accessible to the public.
This security lapse exposed users’ private data and conversations. The OyeTalk platform enables users to interact in discussion rooms on various topics and host podcasts. The app is marketed as “one of the fastest-growing audio talent-hosting applications” and is available for download in over 100 countries.
The voice-chat app OyeTalk was found to expose user data and conversations through unprotected access to Google’s Firebase. The data leaked included user chats, usernames, and cellphone IMEI numbers, which threat actors could exploit to demand ransom.
Additionally, sensitive data was hardcoded into the application’s client side, including a Google API key and links to Google storage buckets, where it could be recovered by reverse engineering the app. The app developers failed to close public access to the database after being informed of the data spill. Google’s security measures closed off the instance due to the large dataset.
The OyeTalk app has been found to have a history of data leaks, with the database previously marked as vulnerable to leaks by unknown actors. The database contained fingerprints used to identify open Firebases, demonstrating a lack of proper authentication and authorization for data. The vulnerability could allow malicious actors to exploit sensitive data, such as email logins.
In the research, over 33,000 Android apps were analysed. Over 14,000 of them had Firebase URLs on their front end, and more than 600 of these were links to open instances. The five categories of apps that contained the most hardcoded secrets were health and fitness, education, tools, lifestyle, and business.
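As an added example (not from the Cybernews research or the original article), here is a release-time check a developer could run over their own app's decoded `strings.xml` to inventory the kind of client-side values described above. The resource names and all sample values are constructed, and the regular expressions are assumptions about the usual shape of these values.

```python
import re
import xml.etree.ElementTree as ET

# Assumed shapes of values that anyone unpacking the app can read.
PATTERNS = {
    "google_api_key": re.compile(r"AIza[0-9A-Za-z_\-]{35}"),
    "firebase_db_url": re.compile(
        r"https://[a-z0-9.\-]+\.(?:firebaseio\.com|firebasedatabase\.app)"),
    "storage_bucket": re.compile(r"(?:gs://)?[a-z0-9\-]+\.appspot\.com"),
}

# Constructed, non-functional key: the usual prefix plus 35 filler characters.
FAKE_KEY = "AIza" + "0" * 35

# Constructed sample of a decoded res/values/strings.xml (every value is fake).
SAMPLE_STRINGS_XML = f"""<resources>
  <string name="app_name">ExampleTalk</string>
  <string name="google_api_key">{FAKE_KEY}</string>
  <string name="firebase_database_url">https://example-talk.firebaseio.com</string>
  <string name="google_storage_bucket">example-talk.appspot.com</string>
  <string name="welcome">Join a room and start talking</string>
</resources>"""


def scan_resources(xml_text):
    """Return sorted (kind, resource_name, shown_value) for each embedded value."""
    findings = set()
    for elem in ET.fromstring(xml_text).iter("string"):
        text = elem.text or ""
        for kind, pattern in PATTERNS.items():
            for match in pattern.finditer(text):
                value = match.group(0)
                # Keep full keys out of build logs: report a short prefix only.
                shown = value[:8] + "..." if kind == "google_api_key" else value
                findings.add((kind, elem.get("name"), shown))
    return sorted(findings)


if __name__ == "__main__":
    for kind, name, shown in scan_resources(SAMPLE_STRINGS_XML):
        print(f"{kind:16} {name:24} {shown}")
```

Each hit is an inventory item for review: whatever ships in the client is readable by anyone holding the APK, so the database and buckets behind those values have to enforce authentication and authorization on the server side.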