Multiple Apps on Google's Firebase Platform Exposing Sensitive Data

A comprehensive security analysis has revealed a widespread vulnerability affecting Firebase-powered mobile applications, with over 150 popular apps inadvertently exposing sensitive user data through misconfigured Google Firebase services.

The scope of this security crisis dwarfs previous incidents, potentially affecting thousands of applications with millions of downloads worldwide.

Security researcher analysis of approximately 1,200 mobile applications from just three app categories revealed alarming security gaps in Firebase implementations.

Among apps using Firebase services—which comprises roughly 80% of all mobile applications—over 150 were found to allow completely unauthenticated access to critical data stores including Realtime Databases, Storage Buckets, Firestore databases, and Remote Configuration secrets.

The exposed applications aren’t obscure programs with minimal user bases. Many of the vulnerable apps boast download counts exceeding 100,000, with numerous applications reaching 1 million, 5 million, 10 million, 50 million, or even 100 million downloads.

This scale significantly ...