A popular puzzle game on Google Play Store has reportedly leaked players’ progress data. The game in question is Fruits Mania: Belle’s Adventure game, where players solve puzzles in an attempt to save the “poor fairies from the greedy raccoons.”
Fruit Mania: Belle’s Adventure is one of the thousands of apps on the Play Store that hard codes data into the client side of the app. So, the chances of bad actors gaining API keys, Google storage buckets, and database is quite high, and it could lead to exploit of information by analysing publicly available information.
The game Fruits Mania: Belle’s Adventure has over a million downloads on the Google Play store and is rated at 4.7-stars by over 17,000 users.
How does it affect players
Cybernews suggests that if the flaw is exploited could hamper players’ game progress. Fruit Mania: Belle’s Aventure left an open database that could expose user data. A 240 MB database of the puzzle game having user IDs and game progress is said to be publicly accessible. This is because Firebase was left open without any authorization.
The bad actor having access to data can wipe out any player’s game progress. And the action is said to be irreversible, meaning players would lose all their progress until now if no backup is there.
The developer of Fruit Mania: Belle’s Adventure, Baubonis, who happens to have other games, advises users to
Fruits Mania: Belle’s Adventure is not the only game from the developer, BitMango, so the developer urges players to remain cautious. However, there are other games from the developer that had a publicly accessible database or not, but it would be better to save your game progress.
More Android apps at risk
The Cybernews research team analyzed over 33,000 Android apps available on Play Store, finding more than 1,24,000 strings leaking sensitive data, including various API keys, Firebase dataset URLs, and links to Google storage buckets. The vulnerable apps belonged to the health and fitness, education, tools, lifestyle, and business category.
FacebookTwitterLinkedin
