- Security researchers have discovered numerous mobile apps that leak data
- Private messages of more than 20 million people exposed
- The affected applications have been grouped under the name Firehound
Apple often uses the security of its App Store as a reason why regulators should not force it to open its app ecosystem to competing stores. After all, the argument goes, Apple audits the security of its App Store and kicks out apps that are careless with user data. Yet a recent discovery suggests that the App Store isn’t as watertight as it seems.
According to malware researchers VX Underground on X, security firm CovertLabs is working on a project to document iOS apps that leak user information in the wild. At the time of publication of VX Underground’s post, 198 offending apps had been identified, with the main culprits all linked in one way or another to artificial intelligence (AI).
The worst offender was an app called Chat & Ask AI from Codeway, which CovertLabs says exposed the entire chat history of some 18 million users – a total of 380 million messages – as well as users’ phone numbers and email addresses. This information is apparently “entirely accessible to anyone who knows where to look,” which, given the sensitive information people often feed into AIs, is “as bad as it gets,” CovertLabs says.
The study app “YPT – Study Group” was also found to be at fault, with research indicating that information from more than two million users was exposed. This includes chat messages, AI tokens, user IDs and user keys, according to VX Underground.
CovertLabs created a repository of affected applications, which it named Firehound. You can browse examples of redacted data to see what information was leaked, as well as which applications were most exposed. Much of the data is sensitive and has been restricted, with interested parties having to request access to the information.
CovertLabs says affected developers should contact the company, in which case the app will be removed from the repository and developers will receive help on how to repair their apps.
Bad for users, developers and Apple
The fact that many of the leakiest apps – including Chat & Ask AI, GenZArt, Kmstry, and Genie – are AI-related isn’t terribly surprising. In the rush to capitalize on the AI goldmine, it’s likely that many developers have cut corners or implemented lax security measures in order to get their app out and onto the App Store.
But part of the blame should probably lie with Apple as well. The company prides itself on the security of its App Store compared to the Google Play Store, which often contains more malicious and insecure apps than Apple’s store.
Yet that’s not always the case: Apple’s App Store has its own problems, and the fact that such vulnerable apps have apparently made it past the App Store’s review process isn’t a good look for Apple.
If you are using any of the affected apps, you should stop using them immediately. You won’t be able to do much about the data already exposed, but you can at least stop adding more. You should also start using one of the best password managers and change the passwords of all accounts sharing the email address you used for the compromised apps. If you know someone else who uses these apps, warn them of the dangers.
Hopefully affected developers will be able to secure their apps – and other developers will know the risks before it’s too late.