In mobile application development, server-side storage of the application’s data remains a top priority. In particular, many developers have begun using backend APIs that enable their apps to query a server for information in real time rather than rely upon static data stored in files. However, as many cloud storage services have been found to use unsecured configurations, data on thousands of mobile applications could be at risk.
A main challenge arises when the task of securing the configurations of these services falls upon the app developers rather than the provider, such as Amazon AWS, Google’s Firebase Storage or Azure by Microsoft. When developers use these storage services for the very purpose of having their API security taken care of, they invest the majority of their efforts into building the apps rather than protecting stored information. Such an oversight could threaten many app developers as well as their employers and users.
In 2021, the mobile security company Zimperium found that over 14 percent of mobile apps using cloud storage face risks due to unsecured configurations. This research revealed that, globally and across all industries, various apps are vulnerable to the exposure of personally identifiable information (PII), fraud and unregulated internal IP/configuration sharing.