A major security investigation has analyzed 1.8 million Android apps available on the Google Play Store, focusing on those that explicitly claim AI features, and identified worrying security flaws which may be exposing secrets.
From the initial research pool, Cybernews researchers identified 38,630 Android AI apps and examined their internal code for exposed credentials and cloud service references, finding widespread data handling failures that extended far beyond isolated developer mistakes. Overall, the researchers found nearly three-quarters (72%) of the analyzed Android AI apps contained at least one hardcoded secret embedded directly in application code – and on average, each affected app leaked 5.1 secrets.
Read more…
Source: TechRadar News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Android apps have leaked over 730TB of user data and Google secrets
February 1, 2026
A major security investigation has analyzed 1.8 million Android apps available on the Google Play Store, focusing on those that explicitly claim AI features, and identified worrying security flaws which may be exposing secrets. From the initial research pool, Cybernews researchers identified 38,630 Android AI apps and examined their internal code for exposed credentials and cloud service ...
- Trump’s acting cyber chief uploaded sensitive files into a public version of ChatGPT
January 27, 2026
The interim head of the country’s cyber defense agency uploaded sensitive contracting documents into a public version of ChatGPT last summer, triggering multiple automated security warnings that are meant to stop the theft or unintentional disclosure of government material from federal networks, according to four Department of Homeland Security officials with knowledge of the incident. The ...
- ShinyHunters claims Okta customer breaches, leaks data belonging to 3 orgs
January 23, 2026
ShinyHunters has claimed responsibility for an Okta voice-phishing campaign during which the extortionist crew allegedly gained access to Crunchbase and Betterment. On Friday, the criminals leaked data allegedly stolen from market-intel broker Crunchbase, streaming platform SoundCloud, and financial-tech firm Betterment, and confirmed to The Register that they gained access to two of the three – Crunchbase ...
- Newely discovered AMD CPU flaw highlights the risk of running multiple VMs
January 16, 2026
A newly discovered vulnerability in AMD chips allows malicious actors to perform remote code execution (RCE) and privilege escalation in virtual machines. Cybersecurity researchers from the CISPA Helmholtz Center for Information Security in Germany detailed a vulnerability they named StackWarp, a hardware vulnerability in AMD CPUs that breaks the protections of confidential virtual machines, by manipulating ...
- “Reprompt” attack lets attackers steal data from Microsoft Copilot
January 15, 2026
Researchers found a method to steal data which bypasses Microsoft Copilot’s built-in safety mechanisms. The attack flow, called Reprompt, abuses how Microsoft Copilot handled URL parameters in order to hijack a user’s existing Copilot Personal session. Copilot is an AI assistant which connects to a personal account and is integrated into Windows, the Edge browser, and ...
- 16TB of corporate intelligence data exposed in one of the largest lead-generation dataset leaks
December 11, 2025
More than 16 terabytes of professional and corporate intelligence data, including personally identifiable information (PII), was sitting in an unprotected database, available to anyone who knew where to look. This is according to cybersecurity researchers at Cybernews who found the database and described it as “one of the largest lead-generation datasets to have ever leaked.” Despite ...