CPR used Virus Total to track misconfigured Firebase databases whose URLs were stored in submitted APKs