Android fans need to be aware of a widespread risk that affects Google Play Store users. Android is one of the most used software in the world, with the Google operating system installed on more than 2.5 billion devices worldwide. To put this in perspective, it amounts to a third of the world's population, which underscores how widely used Android is.
This huge user base is no stranger to security alerts, with malware experts regularly issuing notices about applications that Android fans need to be aware of.
And this week there was another big warning for Android, and it affects a huge number of apps found on the official Google Play Store market.
The warning is courtesy of Comparitech, with the study centered on Firebase – Google's mobile application development platform.
It is estimated that Firebase will be used by almost a third (30%) of all applications on the Google Play Store.
SEE MORE INFORMATION: Android headache as seriously irritating bug returns from Google Play Store
This means that it is the most popular storage solution for Android applications.
And now a new study by Comparitech has stated that 4.8% of mobile apps that use Firebase to store user data are not doing it safely.
This allows anyone to access personal information such as email addresses and phone numbers from an affected database without a password.
Comparitech found 4,282 apps leaking confidential information from a sample of more than 515,000 apps, which is equivalent to 18% of all Play Store apps.
Extrapolating these numbers suggests that about 24,000 apps on the Google Play Store are leaking sensitive data via Firebase.
The study added that the vulnerable applications that were identified were installed 4.22 billion times by Android users.
He also added that the data exposed includes more than seven million e-mail addresses, more than 4.4 million usernames, 5.3 million phone numbers and more than one million passwords.
Comparitech added that other data affected includes credit card numbers and government-issued identification.
Game apps accounted for 24.71% of vulnerable Play Store apps, with educational apps next at 14.72% and entertainment apps at 6.02%.
Some of the vulnerable apps have also been able to spread malware, carry out phishing scams and put fake headlines on popular news apps.
In its study, Comparitech stated: "The vulnerable applications identified by our team have been installed 4.22 billion times by Android users.
"Since the average smartphone user has between 60 and 90 apps installed, there is a high chance that the privacy of an Android user has been compromised by at least one app."
Google was notified by Comparitech of its findings on April 22, with a report detailing the problem provided to the search engine giant.
Speaking of the survey, a Google spokesman said, "Firebase provides several features that help our developers to configure their deployments securely.
"We provide notifications to developers about possible misconfigurations in their deployments and offer recommendations to correct them.
"We are reaching out to the affected developers to help them resolve these issues."
Guiding Android users on how to stay safe, Comparitech had the following tips and suggestions …
• Do not reuse the same password on multiple accounts. Use a password manager to generate and store strong random passwords
• Use only reliable applications with a large number of revisions and installations
• Be aware of what information you share with an application
• Do not share confidential personal information, such as home address, government identity photos, social security numbers, etc.