Researchers found that most of the apps available on Apple’s App Store leak at least one hard-coded secret.
The researchers looked at 156,000 iOS apps and discovered more than 815,000 hard-coded secrets, including very sensitive ones such as keys to cloud storage, various Application Programming Interfaces (APIs), and even payment processors. The researchers noted: “The average app’s code exposes 5.2 secrets, and 71% of apps leak at least one secret.” Secrets hard-coded in an app’s source code are considered exposed because they are relatively easy for cybercriminals to find and abuse.
Source: Malwarebytes Labs