A Barcode Scanner App for Android Shows User Passwords

The Android app Barcode to Sheet was found by the Cybernews team to be leaking confidential user data and business information that app developers had saved.

With over 100,000 downloads on the Google Play store, Barcode to Sheet caters to e-commerce customers.

The application functions as a barcode scanner, enabling users to export data from barcodes into many formats that spreadsheet programs can read.

The team discovered that the app developers had left their 368MB Firebase database accessible to the public.

Any application may use Firebase's real-time data storage capabilities, which are frequently used to store data that apps gather.

The Barcode to Sheet app

The Barcode to Sheet app

There was plaintext storage of certain enterprise data on the open server. The team stated that user IDs, emails, reports, and product information were all saved in this manner.

User passwords, however, were kept in an MD5 hash format.

Although MD5 hashes the content that is meant to be protected, the format has several flaws that may be fixed without advanced programming ability.

Along with access credentials and IDs, the open server probably kept sensitive data on the client side of the application.

The information that was made available included the crash reporting key, web client ID, Google application programming interface (API) key, Google app ID, and other details that were normally reserved for the app's creators.