The Cybernews research team has analyzed 1.8 million Android apps on the Google Play Store and found that most AI apps leak an average of five secrets. Analyzed apps are leaking hardcoded secrets and cloud endpoints, putting users at risk or, in some cases, even potentially allowing attackers to empty their digital wallets.
Key research takeaways:
- 72% of analyzed Android AI apps contained at least one hardcoded secret.
- On average, an AI app leaks 5.1 secrets, and 81.14% of the detected secrets were related to Google Cloud Project identifiers, endpoints, and API keys.
- 68% of the hardcoded secrets pertained to Google Cloud Project Identifiers and API Keys.
- LLM API Keys were mostly secured, with mainly low-risk LLM API Keys found hardcoded.
- An investigation found that hundreds of AI apps had already been breached.
- Leaky instances of Firebase and Google Cloud Storage have already exposed over 200 million files, totaling nearly 730TB of user data.
- Android AI apps exhibit similar dangerous tendencies to hardcoded secrets found in iOS apps, as Cybernews investigated in 2025.
Secrets already exploited
Cybernews researchers identified 285 Firebase instances missing authentication entirely, leaving them openly accessible to anyone. Collectively, these databases leaked 1.1GB of user data.
The team is sure that the instances were already compromised. In 42% of cases, the researchers found a table explicitly named “poc,” shorthand for “proof of concept.”
Google secrets were leaked the most
More than 81% of all detected secrets were related to Google Cloud projects. In total, researchers identified 197,092 unique secrets, averaging 5.1 per app, of which just 0.96 were not connected to Google.
The second most common category of embedded identifiers belonged to Facebook, primarily app IDs and client tokens, which are frequently hardcoded for analytics, login, and advertising integrations.
Please find the full Cybernews research article here.
Related
This entry was posted on January 29, 2026 at 8:55 am and is filed under Commentary with tags Cybernews. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
Android AI apps leak Google secrets the most with hundreds already breached
The Cybernews research team has analyzed 1.8 million Android apps on the Google Play Store and found that most AI apps leak an average of five secrets. Analyzed apps are leaking hardcoded secrets and cloud endpoints, putting users at risk or, in some cases, even potentially allowing attackers to empty their digital wallets.
Key research takeaways:
Secrets already exploited
Cybernews researchers identified 285 Firebase instances missing authentication entirely, leaving them openly accessible to anyone. Collectively, these databases leaked 1.1GB of user data.
The team is sure that the instances were already compromised. In 42% of cases, the researchers found a table explicitly named “poc,” shorthand for “proof of concept.”
Google secrets were leaked the most
More than 81% of all detected secrets were related to Google Cloud projects. In total, researchers identified 197,092 unique secrets, averaging 5.1 per app, of which just 0.96 were not connected to Google.
The second most common category of embedded identifiers belonged to Facebook, primarily app IDs and client tokens, which are frequently hardcoded for analytics, login, and advertising integrations.
Please find the full Cybernews research article here.
Share this:
Like this:
Related
This entry was posted on January 29, 2026 at 8:55 am and is filed under Commentary with tags Cybernews. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.