If you have an Aptoide account, you should be worried. A hacker has today leaked the details of 20 Million users of the third-party Android Store. The hacker, according to ZDNet, claims to have over 39 Million records that they say was obtained from a successful hack earlier this month.
So if you registered an account with Aptoide between July 21, 2016, and January 28, 2018, you may be among the millions whose private data has been exposed online. The hacker, however, didn’t manage to get real user passwords, only hashed passwords, so if you use one password across multiple accounts you’re safe. But that shouldn’t be good news because unfortunately, the important details leaked includes:
- Email addresses
- IP addresses used during sign-up
- Sign-up date
- Device details
- Date of birth (if provided), and worse of all
- Real names
All this data is available for download online in a PostgreSQL export file, as at the time of Zdnet’s reporting. As always though, once something goes online there’s no way to stop where it could go, who could access it, and how far it could be manipulated.
The dilemma of Stores:
Aptoide, and other unofficial third-party stores have millions of users accessing them in the hopes of finding apps they can’t find on official stores. For example, if there’s an app you want and it is geo-restricted or it is doesn’t meet Google Play Store requirements, you will need to use a third-party app store to download the APK and install it.
Also, devices that don’t have Google Play Services rely on such unofficial third-party app stores to download apps because they can’t access the Google Play Store, and sometimes the officially recommended stores don’t have all the apps needed. For example, currently, Huawei’s App Gallery doesn’t have all the apps one needs. So if you have an HMS device that doesn’t support Google, you’ll need to find an alternative to App Gallery to get more apps.
The thing is, not every app can be available through one official store. Or two official stores. Android is open-source, and limiting distribution kills the idea. Having many stores is good. It ensures variety, it promotes development and competition. But it also exposes users to malware and potential hacks as with the case of Aptoide.
Official App Stores like Google Play Store, Huawei’s App Gallery, and Samsung’s Galaxy Store all have good security, and can be relied upon in terms of not being hackable, and being capable of handling malware spread easily. However, they don’t have and will never have all the apps every user needs, and that’s why people use these unofficial third parties.
Third-party app stores, on the other hand, don’t have enough resources to be able to build good security. They also cannot be trusted in terms of being able to check for malware on all apps they host.
Back in October of 2018, you may remember Aptoide accused Google of using the Play Protect feature to uninstall their app from Android devices. Google was then seen as a jealous competitor kicking a rising star. The case that went to an EU Court forced Google to stop removing the app without users’ knowledge. I don’t know what the argument will be now with the news of Aptoide’s hack.