For years, simple setup errors have been a major source of exposure when companies keep data in the cloud. Instead of carefully restricting who can access the information stored in their cloud infrastructure, organizations too often misconfigure their defenses. It's the digital equivalent of leaving the windows or doors open at your house before going on a long vacation. That leaky data problem applies to more than just the web services that typically grab headlines. Mobile security firm Zimperium has found that these exposures pose a major problem for iOS and Android apps as well.
Zimperium ran automated analysis on more than 1.3 million Android and iOS apps to detect common cloud misconfigurations that exposed data. The researchers found almost 84,000 Android apps and nearly 47,000 iOS apps using public cloud services—like Amazon Web Services, Google Cloud, or Microsoft Azure—in their backend as opposed to running their own servers. The researchers found misconfigurations in 14 percent of those apps—11,877 Android apps and 6,608 iOS apps—exposing users' personal information, passwords, and even medical information.
“It's a disturbing trend,” says Shridhar Mittal, Zimperium's CEO. “A lot of these apps have cloud storage that was not configured properly by the developer or whoever set things up and, because of that, data is visible to just about anyone. And most of us have some of these apps right now.”
The researchers reached out to a handful of the app makers they found with cloud exposures, but they say the response was minimal and many apps still have exposed data. This is why Zimperium isn't naming affected apps in their report. Additionally, the researchers can't notify tens of thousands of developers. M ..