Welcome to the ‘AI slop’ security crisis – these 198 iOS apps were found leaking private chats and user locations

  • Security researchers have discovered scores of mobile apps leaking data
  • Private messages of over 20 million people are exposed
  • The affected apps have been grouped under the Firehound name

Apple often uses the security of its App Store as a reason why regulators shouldn’t force it to open up its app ecosystem to rival stores. After all, the argument goes, Apple vets its App Store for security and ejects apps that are careless with user data. Yet a recent discovery suggests that the App Store isn’t quite as watertight as it seems.

According to malware researchers VX Underground on X, security firm CovertLabs is working on a project to document iOS apps that leak user information into the wild. At the time of VX Underground’s X post, 198 guilty apps had been identified, with the top culprits all being related to artificial intelligence (AI) in some way.

The worst offender was an app named Chat & Ask AI by Codeway, which according to CovertLabs has exposed the entire chat history of some 18 million users – that’s a total of 380 million messages – as well as user phone numbers and email addresses. This information is apparently “completely accessible to anyone who knows where to look” which, considering the sensitive information people often feed into AIs, is “as bad as it gets,” CovertLabs says.

Study app ‘YPT – Study Group’ was also found to be at fault, with research indicating that information from over two million users was exposed. That includes chat messages, AI tokens, user IDs and user keys, according to VX Underground.

CovertLabs has created a repository of affected apps, which it has named Firehound. You can browse through redacted sample data to see what information was leaked, as well as which apps have been exposed the most. Much of the data is sensitive and has been restricted, with interested parties needing to request access to the information.

CovertLabs says that affected developers should reach out to the firm, at which point the app will be removed from the repository and the developers will receive help on how to fix their apps.

Bad for users, developers and Apple


The fact that many of the leakiest apps – including Chat & Ask AI, GenZArt, Kmstry and Genie – are related to AI isn’t too surprising. In the rush to capitalize on the AI goldmine, it’s likely that many developers have cut corners or implemented lax security measures in order to get their app out the door and onto the App Store.

But some of the blame should probably also fall at the feet of Apple. The company takes pride in the security of its App Store compared to the likes of the Google Play Store, which is often found to contain more malicious and insecure apps than Apple’s effort.

Yet that’s not always the case – Apple’s App Store has problems of its own, and the fact that such vulnerable apps have seemingly made it past the App Store’s review process is not a good look for Apple.

If you use any of the affected apps, you should stop immediately. You won’t be able to do much about the data that’s already exposed, but you can at least stop adding more. You should also start using one of the best password managers and change the passwords of any accounts that share the email address you used for the compromised apps. If you know anyone else using these apps, warn them about the dangers.

Hopefully, the affected developers will be able to secure their apps – and other developers will learn about the risks before it’s too late.


Read more @ TechRadar
