
Android game with 1m downloads leaked users’ private messages


Popular mobile role-playing game (RPG) Tap Busters: Bounty Hunters spilled sensitive user data.

Research by Cybernews discovered that the Tap Busters: Bounty Hunters app had left its database open to the public, allegedly exposing users’ private conversations for at least five months.

Also, app developers had sensitive data hardcoded into the client side of the app, making it vulnerable to further data leaks.

Tap Busters: Bounty Hunters is an idle RPG game with more than one million downloads on Google Play Store and a 4.5-star rating based on more than 45,000 reviews. In the game, players take on the role of bounty hunters trying to become masters of the galaxy. They defeat villains and collect loot as they travel through different alien realms. Idle game mechanics mean that players can progress in-game without constant input.

Significance

Researchers discovered that Tap Busters: Bounty Hunters leaked data through unprotected access to Firebase, Google’s mobile application development platform that provides cloud-hosted database services. Anyone could have accessed the database in the meantime.

The 349MB-strong unprotected dataset contained user IDs, usernames, timestamps, and private messages. If the leaked data had not been backed up and a malicious actor had chosen to delete it, it is possible that users’ private messages would have been permanently lost without the possibility of recovery.

Along with an open Firebase instance, the developers left some sensitive information, commonly known as secrets, hardcoded in the application’s client side. The keys found were: firebase_database_url, gcm_defaultSenderId, default_web_client_id, google_api_key, google_app_id, google_crash_reporting_api_key, google_storage_bucket.

Hardcoding sensitive data into the client side of an Android app is unsafe, as in most cases, it can be easily accessed through reverse engineering.

No response

The game’s developer is Tilting Point, which owns several other successful games with a large player community. Some of these games have over five million downloads. The app developer was informed of the data spill but failed to close public access to the database.

The app developers…


Secret Service erased text messages from Jan. 6 and the day before, the Homeland Security watchdog says


WASHINGTON — The Secret Service erased text messages from both Jan. 6 and the day before the attack on the Capitol after the Department of Homeland Security’s internal watchdog requested records of electronic communications tied to the insurrection, according to a letter sent to congressional committees that was obtained by NBC News.

The details about the erased messages were revealed in a letter to two congressional committees Wednesday, in which Homeland Security Inspector General Joseph Cuffari said he was informed that many of the messages from Jan. 5 and Jan. 6, 2021, had been erased “as part of a device-replacement program.”

The Intercept first reported the content of the letters.

A spokesperson for the House Homeland Security Committee confirmed the letter, which was also given to the Jan. 6 committee, a source familiar with the matter confirmed.

Cuffari’s letter was also addressed to the Senate Homeland Security and Governmental Affairs Committee.

“The USSS erased those text messages after OIG requested records of electronic communications from the USSS, as part of our evaluation of events at the Capitol on January 6,” Cuffari said in his letter.

He added that DHS personnel had repeatedly told inspectors that “they were not permitted to provide records directly” to the watchdog and that the records first needed to be reviewed by the agency’s attorneys.

“This review led to weeks-long delays in OIG obtaining records and created confusion over whether all records had been produced,” he said.

Secret Service spokesman Anthony Guglielmi insisted in a statement that the agency has fully cooperated with the inspector general’s review and that the text messages were lost before they were requested.

“The insinuation that the Secret Service maliciously deleted text messages following a request is false,” Guglielmi said. “In fact, the Secret Service has been fully cooperating with the OIG in every respect — whether it be interviews, documents, emails, or texts.”

According to Guglielmi, the Secret Service began a “pre-planned, three-month system migration” in January 2021 that included resetting its mobile phones to factory settings, resulting in the loss of data for some phones….


Hacking group Squad303 creates tool to send random Russian phones anti-war messages


“We the people of the world have a message to the Russian nation. A nation that is to pay a huge price because of the shameful decision of the dictator Putin to attack an independent Ukraine by armed forces,” the website states.

“However, nearly 150 million Russians do not know the truth about the causes or course of the war in Ukraine. It is fed with the lies of the Kremlin propaganda. There is no free media in Russia and the internet is censored.”

When one of the sending options is clicked on, a random recipient is chosen and a stock message from a selection is pre-populated in Russian for sending with a single click.

One potential email message describes the Ukraine invasion as a “fatal step” leading to huge human losses that undermines the foundations of international security.

“The responsibility for unleashing a new war in Europe lies entirely with Russia,” it continues.

“There is no rational justification for this war. Attempts to use the situation in Donbass as a pretext for launching a military operation do not inspire any confidence.”

Squad303 said they had received direct evidence that people using the service were doing a “great job”.

“The Kremlin is afraid of you,” they wrote on Twitter.


War and the app economy, Google’s Messages update, Telegram ‘TV’ – TechCrunch


Welcome back to This Week in Apps, the weekly TechCrunch series that recaps the latest in mobile OS news, mobile applications and the overall app economy.

The app industry continues to grow, with a record number of downloads and consumer spending across both the iOS and Google Play stores combined in 2021, according to the latest year-end reports. Global spending across iOS, Google Play and third-party Android app stores in China grew 19% in 2021 to reach $170 billion. Downloads of apps also grew by 5%, reaching 230 billion in 2021, and mobile ad spend grew 23% year over year to reach $295 billion.

Today’s consumers now spend more time in apps than ever before — even topping the time they spend watching TV, in some cases. The average American watches 3.1 hours of TV per day, for example, but in 2021, they spent 4.1 hours on their mobile device. And they’re not even the world’s heaviest mobile users. In markets like Brazil, Indonesia and South Korea, users surpassed five hours per day in mobile apps in 2021.

Apps aren’t just a way to pass idle hours, either. They can grow to become huge businesses. In 2021, 233 apps and games generated over $100 million in consumer spend, and 13 topped $1 billion in revenue. This was up 20% from 2020, when 193 apps and games topped $100 million in annual consumer spend, and just eight apps topped $1 billion.

This Week in Apps offers a way to keep up with this fast-moving industry in one place, with the latest from the world of apps, including news, updates, startup fundings, mergers and acquisitions, and suggestions about new apps to try, too.


Russia’s app economy shuts down


As the Russia-Ukraine war continued this week, the app ecosystem also saw further impacts. As businesses pulled out of Russia, the ability for Russian consumers to transact on the app stores and in apps is similarly being impacted. This week, Google announced it was suspending Google Play’s billing system for users in Russia in the “coming days,” which means Russian users won’t be able to purchase apps…
