Two apps leak Android user data
Inside the Google Play Store, there are many potentially dangerous applications. These are unlicensed artificial intelligence (AI) applications and in some cases are not secure, advertised as being used to edit and verify identity.
The dangerous thing about these applications is that they have leaked billions of personal profiles of Android users. A report says a specific application is causing serious problems. That application, listed in the Google Play Store, is called "Video AI Art Generator & Maker".
The app has been installed more than 500,000 times, has 11,000 likes and, according to Forbes, it has leaked more than 1.5 million user images, more than 385,000 videos and millions of AI files created by users.
The leak occurred because a Google Cloud Storage was malconfigured, allowing anyone to access the stored files, even those that were not verified.
More than 12TB of media files belonging to the application user were leaked through this archive. It should be noted that this archive has stored and leaked 8.27 million media files because it has collected all files since the application was launched on June 13, 2023.
This application does not appear on the Play Store because Google is said to have hidden it after reports of application problems related to user data and personal files.
But not only that, another application called IDMerit from the same developer has leaked information called "customer identity verification data (KYC)". This is personal and professional information that businesses and financial institutions are required to have according to the law to verify your identity and determine the level of risk when transacting with you.
This data belongs to individuals in the US and 25 other countries, including Germany, France, China and Brazil. The leaked personal information includes: Full name, address, postcode, phone number, email, gender, date of birth...
Fortunately, Codeway, the developer of IDMerit and Video AI Art Generator & Maker, said it regained data control in February this year.
Recommendations
Although it is not certain whether user data is in the above-mentioned leaks or not, experts recommend that users check their email address through the Have I Been Pwned service to detect early risks from other incidents.
If you are using a password manager, use the authentication code when possible and be wary of the tricks of online scam campaigns.
Check the reliability of application developers, search for Google's "verified developer" confirmation in the Play Store.
Be careful with applications that cause your phone to heat up and drain battery even when the application is closed.
In addition, be wary of applications that offer a lifetime Pro subscription package at a low price (e.g. $4.99 USD). You may want to scan applications on your phone using the Google Play Protect protection system. Open the Play Store and tap the Profile icon in the top right corner. Then, select Play Protect > Scan.
