It is clear that you should be as careful as possible about the applications you download to your mobile device. But no matter how careful you are, an app that is not actively malicious can still put your data at risk.
That seems to be the case for a very popular barcode scanner app called Barcode to Sheet on the Google Play store. According to Cybernews, the app's developers made a major error and left the Firebase database, which stores the data the application collects from users, publicly accessible.
This database contained more than 368 MB of data, some of it stored in plain text, and included information about products, reports, emails, and user IDs. There were also user passwords stored as MD5 hashes. As Cybernews points out, MD5, which has multiple security vulnerabilities, is not a very secure way to store data.
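The following is an added example, not code from the app or from the Cybernews report. It shows one way a backend could replace unsalted MD5 password records with salted scrypt records as users log in; the record format, function names and cost parameters are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# scrypt cost parameters (assumed values for this example; tune for your hardware)
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2**14, 8, 1


def legacy_md5(password: str) -> str:
    """Unsalted MD5: the same password always yields the same record."""
    return hashlib.md5(password.encode()).hexdigest()


def hash_password(password: str) -> str:
    """Salted scrypt record in the assumed format 'scrypt$<salt hex>$<key hex>'."""
    salt = os.urandom(16)  # fresh random salt per record
    key = hashlib.scrypt(password.encode(), salt=salt,
                         n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=32)
    return f"scrypt${salt.hex()}${key.hex()}"


def verify_and_upgrade(password: str, stored: str):
    """Return (ok, record_to_store). A legacy MD5 record is replaced by a
    scrypt record on the first successful login; failures change nothing."""
    if stored.startswith("scrypt$"):
        _, salt_hex, key_hex = stored.split("$")
        key = hashlib.scrypt(password.encode(), salt=bytes.fromhex(salt_hex),
                             n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=32)
        return hmac.compare_digest(key.hex(), key_hex), stored
    # Legacy path: 32 hex characters of unsalted MD5
    if hmac.compare_digest(legacy_md5(password), stored.lower()):
        return True, hash_password(password)
    return False, stored


if __name__ == "__main__":
    # Constructed sample records: two users who chose the same password
    db = {"alice": legacy_md5("Tr0ub4dor&3"), "bob": legacy_md5("Tr0ub4dor&3")}
    print("MD5 records identical:", db["alice"] == db["bob"])
    for user in db:
        ok, db[user] = verify_and_upgrade("Tr0ub4dor&3", db[user])
    print("scrypt records identical:", db["alice"] == db["bob"])
```

Records for users who never log in again stay in MD5 form, so a migration like this is normally paired with a forced password reset for those accounts.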
The report also claims that sensitive information is likely stored along with access keys and IDs on the client side of the application. If malicious actors were to infiltrate the server, they could see the web client ID, Google application programming interface (API) key, Google application ID, crash reporting key, and other details that only developers should see.
Unlike some fake or malicious Android apps that make the news from time to time, Barcode to Sheet is a legitimate productivity app. Google Play data shows that the app has been downloaded over 100,000 times and has an average review score of 4.6/5 with over 3,000 reviews.
“The leaked data was sensitive,” the Cybernews team says in its report. “It included not only the application’s secrets stored on the client side of the application, but also corporate and user information, including users’ passwords.”