When the Avast Threat Labs researchers examined 180,300 publicly available Firebase instances, they found that over 10 percent (19,300) were open and the data was accessible to unauthenticated developers. These were open due to a misconfiguration by the app developer.
These open instances put the data stored and used by the apps developed with Firebase at risk of theft, but right now there is little that consumers can do to protect themselves.
“Each of these open instances is a data breach event waiting to occur and can pose critical business, legal, and regulatory risks if they do occur. The personal data of over 10% of users of Firebase-based apps could potentially be at risk, ”explains Vladimir Martyanov, malware researcher at Avast.
“Today every business has an app – shops, gyms, postal services, or even environmental and donation apps that are designed for convenience and often kept in mind for good causes. All the more, companies should insist on the responsible development of their apps and make security and data protection a central component of the entire app development process, not just as a later “cheer”.