This Android browser might have leaked the details of millions of users

As many as five million users could have had data compromized

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

A popular Androidbrowserapp with more than five million downloads on theGoogle Play Storemay have been leaking user data including browser history, experts have claimed.

Cybernewssays it discovered that the ‘Web Explorer - Fast Internet’ app had left its Firebase instance open - a mobile application development platform that’s designed to assist with analytics, hosting, andcloud storage.

At risk is five days’ worth of redirect data, including country, direct initiating address, redirect destination address, and user country, all presented by user ID.

Android Web Explorer data leak

Cybernewssenior journalist Vilius Petkauskas, explains that getting their hands on this data alone may not be enough to give threat actors what they seek, however cross-referencing it with additional details could prove harmful.

The app was also found to be hardcoding on the client side, including keys relating to anonymized partial user browsing history, unique public identifiers, and a cross-server communication enabler.

These are the best firewall tools>Millions of Twitter users have had their data leaked online>Sequoia breach sees hackers access customer Social Security numbers and COVID-19 test results

“If threat actors could de-anonymize the app’s users, they would be able to check a bunch of information on browsing history for a specific user and use it for extortion,”CyberNewsnoted.

It has since been discovered that the open Firebase instance has been closed and is no longer accessible, which means that threat actors can no longer access sensitive data. However, it’s not all good news:Cybernewsreached out to the app’s team about its findings, but it’s yet to receive a reply.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Further digging also uncovers that the app was last updated in October 2020, meaning that the hardcoded ‘secrets’ are likely still there. The researchers write: “…we can only guess what other information could be leaking through the application’s secrets”.

With several years’ experience freelancing in tech and automotive circles, Craig’s specific interests lie in technology that is designed to better our lives, including AI and ML, productivity aids, and smart fitness. He is also passionate about cars and the decarbonisation of personal transportation. As an avid bargain-hunter, you can be sure that any deal Craig finds is top value!

TP-Link Archer BE3600 Wi-Fi 7 Router review

Ulefone Armor Pad 3 Pro rugged tablet review

Black Friday is here: Sony XM5 over-ears drop to their lowest-seen price – act fast!