.webp)
Apple won't build a backdoor – yet iOS apps leak secrets anyway
Apple won't build a backdoor – yet iOS apps leak secrets anyway - Opinion / affiche
Apple's UK encryption rollback has reignited the global debate on privacy. But while all eyes are on government backdoors, our latest Cybernews research exposes an even bigger risk – iOS apps are leaking sensitive data at scale, and Apple isn't stopping it.
Last week, the Cybernews research team revealed that 71% of 156,000 iOS apps are leaking hardcoded secrets – a serious security flaw with major implications for businesses and consumers.
Now, our latest report dives deeper into the top 10 most commonly exposed secrets and why they pose a significant risk to user data, whether owned by consumers or businesses.
Here's a quick look at the top 3 threats for businesses and individuals:
• Project ID (Google) exposes app resources, logs, and potentially weakly secured services, increasing the likelihood of data breaches.
• Google App ID can be used to impersonate apps, granting unauthorized access to user data, APIs, and backend systems.
• API Keys (Google): if exposed, these can lead to unauthorized service access, risking data loss, tampering, and breaches of user privacy.
This is the first research of its kind at this scale – no one has ever published even approximate findings on Apple's secret leaks before.
These findings raise a bigger question: is Apple's App Store security review failing to catch these weak spots? Your follow-up could explore whether Apple's vetting process is truly effective – or if developers are prioritizing speed over security.
With stolen credentials linked to 31% of all breaches and an increasing reliance on mobile devices for sensitive transactions, this is a problem that app users and developers must address.