- Security researchers have discovered dozens of mobile apps that leak data
- Private messages from over 20 million people have been exposed
- The affected apps have been grouped under the name Firehound
Apple often cites the security of its App Store as a reason why regulators shouldn’t force it to open its app ecosystem to competing stores. After all, the argument goes, Apple vets its App Store for security and removes apps that are careless with user data. Yet a recent discovery suggests that the App Store isn’t quite as watertight as it seems.
According to malware researchers VX Underground on X, security firm CovertLabs is working on a project to document iOS apps leaking user information into the wild. At the time of VX Underground’s X post, 198 culprit apps had been identified, with the top culprits all related to artificial intelligence (AI) in some way.
The worst offender was an app called Chat & Ask AI by Codeway, which, according to CovertLabs, exposed the entire chat history of around 18 million users – that’s 380 million messages in total – as well as user phone numbers and email addresses. This information is apparently “completely accessible to anyone who knows where to look,” which, given the sensitive information people often feed into AIs, is “as bad as it gets,” CovertLabs says.
The survey app ‘YPT – Study Group’ was also found to be at fault, with research showing that information from over two million users was exposed. That includes chat messages, AI tokens, user IDs and user keys, according to VX Underground.
CovertLabs has created a repository of affected apps that it has named Firehound. You can review redacted sample data to see what information was leaked, as well as which apps exposed the most. Much of the data is sensitive and has been restricted, so interested parties must request access to it.
CovertLabs says that affected developers should contact the company, after which the app will be removed from the repository and developers will receive help on how to fix their apps.
Bad for users, developers and Apple
The fact that many of the leakiest apps, including Chat & Ask AI, GenZArt, Kmstry and Genie, are related to AI is not that surprising. In the rush to tap into the AI gold mine, it’s likely that many developers have cut corners or implemented lax security measures to get their app out the door and into the App Store.
But some of the blame must also fall at the feet of Apple. The company prides itself on the security of its App Store compared to the Google Play Store, which often turns out to contain more malicious and insecure apps than Apple’s store.
Still, that’s not always the case—Apple’s App Store has its own problems, and the fact that such vulnerable apps seem to have gotten past the App Store’s review process isn’t a good look for Apple.
If you are using any of the affected apps, you should stop immediately. You won’t be able to do much with the data that’s already exposed, but you can at least stop adding more. You should also start using one of the best password managers and change the password for all accounts that share the email address you used for the compromised apps. If you know someone who uses these apps, warn them about the dangers.
Hopefully the affected developers will be able to secure their apps – and other developers will learn about the risks before it’s too late.



