Android voice chat app leaves database unprotected, leaks private user data: Report

OyeTalk, which describes itself as a social audio platform with over 5 million downloads on Google Play Store, left its database open to the public exposing users’ private data and conversations, a report from cybernews shared. Additionally, sensitive hardcoded data on the client side of the app including Google API, which is unsafe as it can be easily accessed through reverse engineering, was also reported. The recent data leak is not the first to affect OyeTalk app, and its database was previously discovered and marked as vulnerable to leaks by unknown actors. The database contained specific fingerprints used to make open Firebases, which demonstrates that the database lacks proper authentication for viewing data and authorisation for inserting or editing existing data, the report shared.