When Avast Threat Labs researchers looked at 180,300 publicly available Firebase instances, they found that over 10 percent (19,300) were open, exposing the data to unauthenticated developers. These were open due to misconfiguration by the app developers.
These open instances put the data stored and used by the apps developed with Firebase at risk of theft but, right now, there is little consumers can do to protect themselves.
“Each one of these open instances is a data breach event waiting to happen and can pose critical business, legal and regulatory risks if they happen. Potentially the personal information of over 10% of users of Firebase-based apps could be at risk,” explained Vladimir Martyanov, Malware Researcher at Avast.
“Today, any company has an app – shops, gyms, postal services, or even environmental and donation apps, built for convenience, and often with good causes in mind. Even more so businesses should insist on a responsible development of their apps, making security and privacy a key part of the entire app development process, not just as a later ‘bolt on.”