iOS apps allegedly leak Stripe keys and expose user information

March 14, 2025

A newly uncovered issue in iOS apps could compromise every Apple product owner worldwide.

According to researchers, there is evidence that thousands of App Store applications had hardcoded secrets in their code, exposing users’ sensitive information to cybercriminals. The study examined more than 156,000 applications and uncovered over 815,000 hardcoded secrets. What makes these secrets risky is that most of them are very sensitive and could lead directly to breaches or data leaks.

A “secret” is a broad term that includes API keys, passwords, and encryption keys. “Hardcoded” means that the app developers placed these values directly in the source code.

The typical explanation is that developers do it because it is handy during production, and they frequently forget to remove the secrets once the program is online.

The compromised iOS apps could expose cloud information, API keys, and Stripe data.

Across the thousands of iOS apps, the average application’s code reveals 5.2 secrets, and 71% of apps leak at least one. Most of these secrets may be ignored since they cannot be used in cybercriminal or illicit attacks.

Still, the researchers discovered about 83,000 hardcoded cloud storage endpoints, 836 of which do not require authentication and could potentially leak more than 400TB of data.

The researchers also discovered 51,000 Firebase endpoints, thousands of which are accessible to the public, as well as thousands of exposed keys for Fabric API, Live Branch, MobApp Creator, and other services.

The main issue, however, was Stripe’s private keys, which directly regulate bank transactions. Their exposure could cause significant damage to numerous individuals and organisations, as Stripe is widely used by e-commerce and even fintech companies to handle online payments.

The majority of smartphone users globally assume that iOS apps are safer, more reliable, and less likely to contain viruses. Still, the newly uncovered findings indicate that many apps in the Apple App Store have easily accessible hardcoded passwords.

These new vulnerabilities can put millions of iOS users at risk. Developers should reinforce and improve their security practices in app development to avoid similar issues.
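One way a developer could check a build for the kinds of secrets described above before submitting it, as an added example that is not code from the researchers' study: a scan of an unpacked app bundle that flags Stripe secret keys and Firebase endpoints while ignoring Stripe publishable keys, which are meant to ship in clients. The rule patterns, the function names and the sample bundle are assumptions made for this illustration.

```python
import re
import tempfile
from pathlib import Path

# Assumed rules for this example (not taken from the study). Stripe documents the
# sk_/rk_/pk_ prefixes; the length bound is a loose guess. pk_live_ publishable
# keys are designed to ship in clients, so they are deliberately not flagged.
RULES = [
    ("stripe-secret-key", "high", re.compile(rb"\b[sr]k_live_[0-9A-Za-z]{16,}")),
    ("stripe-test-secret-key", "medium", re.compile(rb"\bsk_test_[0-9A-Za-z]{16,}")),
    ("firebase-endpoint", "review", re.compile(rb"https://[a-z0-9-]+\.firebaseio\.com")),
]


def show(severity, value):
    """Endpoints are printed in full; key material is truncated in reports."""
    text = value.decode("ascii")
    return text if severity == "review" else f"{text[:8]}... ({len(text)} chars)"


def scan_bundle(root):
    """Scan every file of an unpacked app bundle, compiled binaries included."""
    root = Path(root)
    findings = []
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        data = path.read_bytes()
        for name, severity, pattern in RULES:
            for match in pattern.finditer(data):
                rel = path.relative_to(root).as_posix()
                findings.append((severity, name, rel, show(severity, match.group())))
    return findings


def build_sample_bundle(root):
    """Write a constructed bundle; every key and URL below is a fake placeholder."""
    app = Path(root) / "Sample.app"
    app.mkdir()
    fake_secret = b"sk_live_" + b"0" * 24
    # A string constant survives compilation and sits in the binary as plain bytes.
    (app / "Sample").write_bytes(b"\xcf\xfa\xed\xfe\x00" + fake_secret + b"\x00")
    (app / "Info.plist").write_bytes(b"<string>pk_live_" + b"1" * 24 + b"</string>")
    (app / "GoogleService-Info.plist").write_bytes(
        b"<key>DATABASE_URL</key><string>https://sample-app.firebaseio.com</string>")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_bundle(tmp)
        for finding in scan_bundle(tmp):
            print(*finding, sep="  ")
```

A `firebase-endpoint` finding is not a leak by itself; it marks a database whose access rules should be confirmed to require authentication.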
