{"id":1728,"date":"2015-05-27T14:28:09","date_gmt":"2015-05-27T12:28:09","guid":{"rendered":"http:\/\/sseblog.ec-spride.de\/?p=1728"},"modified":"2015-05-27T14:28:09","modified_gmt":"2015-05-27T12:28:09","slug":"baas","status":"publish","type":"post","link":"https:\/\/blogs.uni-paderborn.de\/sse\/2015\/05\/27\/baas\/","title":{"rendered":"SSE Group Detects Massive Data Leaks in Apps using Backend-as-a-Service"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" class=\"alignright wp-image-1731\" src=\"http:\/\/blogs.uni-paderborn.de\/sse\/files\/2015\/05\/appdatathreat_pressebild.jpg\" alt=\"appdatathreat_pressebild\" width=\"319\" height=\"182\" \/><\/p>\n<p>With the help of\u00a0<a href=\"http:\/\/sseblog.ec-spride.de\/tools\/codeinspect\/\">CodeInspect<\/a>, <a href=\"https:\/\/www.sit.fraunhofer.de\/en\/appicaptor\/\">Appicaptor<\/a> and an internally developed tool, researchers from TU Darmstadt and\u00a0Fraunhofer SIT have found that many mobile applications store private information in the cloud, in an easily accessible manner.<\/p>\n<p>Many users of mobile applications want their data to be synced across multiple platforms (iOS\/Android\/Windows\/OSX\/&#8230;). For app developers it is typically hard to support synchronization, as they need to set up backend servers on which the data can be stored and synchronized. Cloud providers such as Amazon and Parse.com therefore provide backends as a service (BaaS). With BaaS, app developers can simply connect to pre-configured servers using a few lines of program code. This makes data storage and synchronization through the cloud very easy.\u00a0Some apps use BaaS to share public data, which is ok as long as the data is configured to be read-only. 
Many apps, however, also use BaaS to store confidential data such as user names, email addresses, contact information, passwords and other secrets, photos and generally any kind of data one can think of. Such data should only be accessible to the individual app user who stored the data. The researchers\u00a0found more than 56 million sets of unprotected data, including email addresses, passwords, health records and other sensitive information of app users, which may be easily stolen and often manipulated. <a href=\"https:\/\/www.sit.fraunhofer.de\/en\/news-events\/latest\/press-releases\/details\/news-article\/technische-universitaet-darmstadt-und-fraunhofer-sit-datenleck-in-apps-bedroht-millionen-von-nutzer\/\">Read the\u00a0official\u00a0release here<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>With the help of\u00a0CodeInspect, Appicaptor and an internally developed tool, researchers from TU Darmstadt and\u00a0Fraunhofer SIT have found that many mobile applications store private information in the cloud, in an easily accessible manner. 
Many users of mobile applications want their &hellip; <a href=\"https:\/\/blogs.uni-paderborn.de\/sse\/2015\/05\/27\/baas\/\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":6581,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[11,21,51,61,71],"tags":[],"class_list":["post-1728","post","type-post","status-publish","format-standard","hentry","category-android","category-dynamic-analysis","category-security-analysis","category-security-vulnerability","category-static-analysis"],"_links":{"self":[{"href":"https:\/\/blogs.uni-paderborn.de\/sse\/wp-json\/wp\/v2\/posts\/1728","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blogs.uni-paderborn.de\/sse\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blogs.uni-paderborn.de\/sse\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blogs.uni-paderborn.de\/sse\/wp-json\/wp\/v2\/users\/6581"}],"replies":[{"embeddable":true,"href":"https:\/\/blogs.uni-paderborn.de\/sse\/wp-json\/wp\/v2\/comments?post=1728"}],"version-history":[{"count":0,"href":"https:\/\/blogs.uni-paderborn.de\/sse\/wp-json\/wp\/v2\/posts\/1728\/revisions"}],"wp:attachment":[{"href":"https:\/\/blogs.uni-paderborn.de\/sse\/wp-json\/wp\/v2\/media?parent=1728"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blogs.uni-paderborn.de\/sse\/wp-json\/wp\/v2\/categories?post=1728"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blogs.uni-paderborn.de\/sse\/wp-json\/wp\/v2\/tags?post=1728"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}