Secret leaks in iOS apps, over 12,000 API keys in AI datasets, and Google’s covert tracking of Android users. Plus, the state of secrets sprawl in 2025.
Extensive research into iOS apps reveals widespread secret leaks and poor coding practices
Researchers at Cybernews found that 71% of iOS apps on the Apple App Store leak at least one hardcoded secret, such as cloud storage keys, API credentials, and even payment processor keys. Despite Apple’s strict app review process, the company does not check for hardcoded credentials, leaving sensitive data and infrastructure vulnerable to hackers.
Nearly 12,000 API keys and passwords found in AI training dataset
Researchers at Truffle Security have uncovered close to 12,000 valid secrets, including AWS root keys and MailChimp API credentials, within the Common Crawl dataset—an open-source web archive widely used to train AI models.
How Google tracks Android device users before they've even opened an app
New research from Trinity College Dublin reveals that Android devices begin tracking users before they even open an app. The study found that Google deploys various identifiers without user consent, relaying data via pre-installed services like Google Play. These trackers, which cannot be removed without a factory reset, may raise legal concerns under GDPR.
GitGuardian's 2025 report reveals that 70% of leaked secrets remain active two years later. The report, the company's latest deep dive into the widespread exposure of sensitive credentials, shows no improvement in the fight against secrets sprawl: 23.8 million secrets were leaked in public GitHub repositories in 2024, a 25% year-over-year increase.
This prestigious recognition highlights our cutting-edge mobile security technology, which protects apps and APIs from tampering, fraud, and unauthorized access. Being recognized alongside industry leaders like Lloyds Banking Group and Morgan Stanley underscores the impact of our patented app attestation technology in securing digital ecosystems.