The research involved the analysis of 23 Android applications and revealed issues related to real-time databases, cloud storage keys, and push notifications.
The exposed data, which pertains to more than 100 million Android users, includes chat messages, emails, passwords, location information, user identifiers, photos, and more.
The exposed real-time databases, which are meant to store data in the cloud and keep it continuously synchronized with the client, were not protected by any authentication mechanism, a misconfiguration that allowed anyone to access the information, without authorization.
