That said, the report also notes that this data wouldn’t be enough for hackers to use effectively, as the attackers would need to find out where more user data would be stored by the app developers. However, cross-referencing the leaked data with additional details could still cause harm. The app is rated highly on the Google Play Store, with an average user rating of 4.4 out of 5 stars. However, the app’s listing page on the Google Play Store states that it was last updated in October 2020. This could prove harmful, as the research team also discovered that Web Explorer – Fast Internet had hardcoded sensitive information on the client side, also known as “secrets.” This means that hackers could also extract this information, and since it hasn’t been updated in over two years, these secrets are still there.
Beware of suspicious messages
The open Firebase instance has reportedly been closed, meaning this information isn’t accessible to attackers anymore. The Cybernews team reached out to the app developers but has yet to receive a reply. The Cybernews team states: “Since the problem is now only partially solved and we received no response from the app developers, we can only guess what other information could be leaking through the application’s secrets.” Users of the Android browser app should be aware of any suspicious emails or messages, as the exposed data could have led to threat actors de-anonymizing users and using this data for malicious means — whether it be phishing scams or ransomware attempts. It’s a good idea to stay protected online, and one of the best antivirus apps can help keep malware threats at bay. Recently, a vicious ‘MoneyMonger’ malware has been spotted using money-lending apps as bait to lure despondent victims into its predatory-loan lair.