- Security researchers have discovered dozens of mobile applications that leak data
- The private messages of more than 20 million people are exposed
- The affected applications have been grouped under the name Firehound
Apple often uses the security of its App Store as a reason why regulators should not force it to open its app ecosystem to rival stores. After all, the argument goes, Apple vets its App Store for security concerns and kicks out apps that are careless with user data. However, a recent discovery suggests that the App Store is not as secure as it seems.
According to malware researchers VX Underground on X, security company CovertLabs is working on a project to document iOS apps that leak user information. At the time of VX Underground’s X post, 198 culprit apps had been identified, and all of the top culprits were related to artificial intelligence (AI) in some way.
The worst offender was an app called Chat & Ask AI from Codeway, which CovertLabs says has exposed the entire chat history of about 18 million users (that’s a total of 380 million messages), as well as users’ phone numbers and email addresses. Apparently, this information is “completely accessible to anyone who knows where to look,” which, considering the sensitive information people often feed into AIs, is “about as bad as it gets,” CovertLabs says.
The study app ‘YPT – Study Group’ was also flagged, and investigations indicate that the information of more than two million users was exposed. That includes chat messages, AI tokens, user IDs and user keys, according to VX Underground.
CovertLabs has created a repository of affected applications, which it called Firehound. You can explore sample redacted data to see what information was leaked and which apps have been most exposed. Much of the data is confidential and has been restricted, so interested parties must request access to the information.
CovertLabs says affected developers should contact the company, at which point the app will be removed from the repository and developers will receive help on how to fix their apps.
Bad for users, developers and Apple
The fact that many of the most exposed apps (including Chat & Ask AI, GenZArt, Kmstry, and Genie) are AI-related isn’t too surprising. In the rush to cash in on the AI goldmine, many developers have likely taken shortcuts or implemented lax security measures to get their app on the market and onto the App Store.
But some of the blame should probably fall on Apple as well. The company prides itself on the security of its App Store compared to the Google Play Store, which often contains more malicious and insecure apps than Apple’s effort.
However, that’s not always the case: Apple’s App Store has its own problems, and the fact that such vulnerable apps have apparently made it through the App Store review process is not a good look for Apple.
If you use any of the affected applications, you should stop immediately. You won’t be able to do much with the data that’s already exposed, but at least you can stop adding more. You should also start using one of the best password managers and change the passwords for any accounts that share the email address you used for the compromised apps. If you know anyone else who uses these apps, warn them about the dangers.
Hopefully, affected developers will be able to protect their apps and other developers will learn about the risks before it’s too late.