Warning about applications on the Play Store leaking user data

NGUYỄN ĐĂNG |

Two applications in the Play Store from the same developer are revealing personal data of some Android users.

Two apps leak Android user data

Inside the Google Play Store, there are many potentially dangerous applications. These are unlicensed artificial intelligence (AI) applications and in some cases are not secure, advertised as being used to edit and verify identity.

The dangerous thing about these applications is that they have leaked billions of personal profiles of Android users. A report says a specific application is causing serious problems. That application, listed in the Google Play Store, is called "Video AI Art Generator & Maker".

The app has been installed more than 500,000 times, has 11,000 likes and, according to Forbes, it has leaked more than 1.5 million user images, more than 385,000 videos and millions of AI files created by users.

The leak occurred because a Google Cloud Storage was malconfigured, allowing anyone to access the stored files, even those that were not verified.

More than 12TB of media files belonging to the application user were leaked through this archive. It should be noted that this archive has stored and leaked 8.27 million media files because it has collected all files since the application was launched on June 13, 2023.

This application does not appear on the Play Store because Google is said to have hidden it after reports of application problems related to user data and personal files.

But not only that, another application called IDMerit from the same developer has leaked information called "customer identity verification data (KYC)". This is personal and professional information that businesses and financial institutions are required to have according to the law to verify your identity and determine the level of risk when transacting with you.

This data belongs to individuals in the US and 25 other countries, including Germany, France, China and Brazil. The leaked personal information includes: Full name, address, postcode, phone number, email, gender, date of birth...

Fortunately, Codeway, the developer of IDMerit and Video AI Art Generator & Maker, said it regained data control in February this year.

Recommendations

Although it is not certain whether user data is in the above-mentioned leaks or not, experts recommend that users check their email address through the Have I Been Pwned service to detect early risks from other incidents.

If you are using a password manager, use the authentication code when possible and be wary of the tricks of online scam campaigns.

Check the reliability of application developers, search for Google's "verified developer" confirmation in the Play Store.

Be careful with applications that cause your phone to heat up and drain battery even when the application is closed.

In addition, be wary of applications that offer a lifetime Pro subscription package at a low price (e.g. $4.99 USD). You may want to scan applications on your phone using the Google Play Protect protection system. Open the Play Store and tap the Profile icon in the top right corner. Then, select Play Protect > Scan.

NGUYỄN ĐĂNG
RELATED NEWS

National Assembly continues digital transformation, applying AI in legislative work

|

According to National Assembly Chairman Tran Thanh Man, the National Assembly's agencies continue to digitally transform and apply AI in legislative and supervisory work.

Google blocks millions of malicious applications in 2025

|

Increased investment in security systems and artificial intelligence has helped Google minimize the number of hackers attacking the Play Store application store.

YouTube app integrated in Apple Vision Pro

|

The YouTube app was eventually integrated into Apple Vision Pro.

After Tet, Hanoi eateries are bustling again, diners flock to "relieve boredom

|

Hanoi - After the Tet holiday, many eateries are starting to become crowded again as people return to work.

Continuous earthquakes in Mang Den

|

Quang Ngai - 7 consecutive earthquakes occurred in Mang Den and Mang But, experts assess them as induced earthquakes with low risk.

Identities of 2 bodies found with cars under canal in Gia Lai have been identified

|

Gia Lai - Functional agencies have identified the identities of 2 victims discovered in the same car under the Van Phong canal, including 1 male and 1 female, both residing in Gia Lai.

Russia declares it helps protect Venezuela's sovereignty

|

Russia affirms that its steadfast diplomatic stance has played a decisive role in protecting Venezuela's sovereignty and position.

Lao Dong Newspaper maintains its role as an important information channel of the trade union organization

|

The President of the Vietnam General Confederation of Labour requested Lao Dong Newspaper to continue to promote the advantages of multi-platform journalism, maintaining its role as an important information channel of the trade union organization.

National Assembly continues digital transformation, applying AI in legislative work

ANH HUY |

According to National Assembly Chairman Tran Thanh Man, the National Assembly's agencies continue to digitally transform and apply AI in legislative and supervisory work.

Google blocks millions of malicious applications in 2025

NGUYỄN ĐĂNG (THEO TECHCRUNCH) |

Increased investment in security systems and artificial intelligence has helped Google minimize the number of hackers attacking the Play Store application store.

YouTube app integrated in Apple Vision Pro

QUANG MINH |

The YouTube app was eventually integrated into Apple Vision Pro.