"Android RPG Game App Leaks Data of 100K Players"

Cybernews researchers discovered sensitive data hardcoded into the client side of the popular Guidus game app, leaving it vulnerable to data leaks. Guidus is a mobile game with over 100,000 downloads on the Google Play store. Researchers found that Guidus was leaking data via unprotected access to Firebase, Google's mobile app development platform that offers cloud-hosted database services. The app leaked information regarding users' game progress, including anonymized tokens used as 'in-game' currencies and digital markers to track progress. If the data had not been backed up and a malicious actor had deleted it, users' gaming progress would have been lost with no chance of recovery. In addition to the open Firebase instance, the app's developers had left keys hardcoded into the client or user side, which could have allowed threat actors to access sensitive data. This data could be used to target users in other attacks. Guidus is one of the thousands of Google Play store apps vulnerable to data leaks. Cybernews examined more than 33,000 Android apps and discovered that the most sensitive exposed hardcoded secrets were Application Programming Interface (API) keys, links to open Firebase datasets, and Google Storage buckets. This article continues to discuss the Guidus game app exposing the data of its users, the significance of this exposure, and the vulnerability of thousands of Android apps to data leaks. 

Cybernews reports "Android RPG Game App Leaks Data of 100K Players"