A security investigation has unveiled significant vulnerabilities in the Android ecosystem, particularly within applications promoting artificial intelligence (AI) capabilities. Researchers from Cybernews scrutinized 1.8 million Android apps on the Google Play Store and concentrated on 38,630 AI applications, revealing serious data handling issues that could jeopardize sensitive user information.
The findings indicated that approximately 72% of the examined AI apps contained at least one hardcoded secret within their code. Each app exposed 5.1 secrets on average, for a total of 197,092 unique secrets. A troubling majority, over 81%, were associated with Google Cloud services, including API keys and storage buckets. The analysis revealed 26,424 hardcoded Google Cloud endpoints, with around two-thirds linked to previously deleted infrastructure. Among the endpoints still active, 8,545 required authentication, while hundreds were misconfigured, putting over 200 million files and nearly 730 terabytes of user data at risk.
Additionally, 285 Firebase databases were found without authentication controls, collectively leaking at least 1.1 gigabytes of data. Notably, 42% of these databases contained tables labeled as proof of concept, suggesting previous breaches. The presence of administrator accounts tied to potentially malicious email addresses raises concerns about ongoing exploitation, highlighting a systemic oversight in monitoring practices.
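The two failure classes above (secrets hardcoded in app code, and Firebase databases with no authentication rules) are both things a developer or app-security reviewer can check offline before release. The following is an added example written for this summary, not code from Cybernews or any of the apps studied. It scans strings pulled from a decoded APK (for instance the `strings.xml` output of apktool or a dex string dump) for Google API keys, Firebase Realtime Database URLs and Google Cloud Storage buckets, deduplicates them the way the study counts "unique secrets", and then statically audits a Firebase rules document for unauthenticated root read/write. The sample strings, the key value, and the two rule sets are constructed placeholders; the key and host formats are the publicly documented ones.

```python
"""Offline scan of strings from a decoded Android app for hardcoded
Google Cloud / Firebase secrets, plus a static check of Firebase rules.
Example code written for this summary; all sample input is constructed."""
import json
import re
from collections import defaultdict

# Google API keys are "AIza" followed by 35 URL-safe characters (public format).
# The host patterns are the standard Firebase and App Engine service domains.
PATTERNS = {
    "google_api_key": re.compile(r"\bAIza[0-9A-Za-z_-]{35}\b"),
    "firebase_rtdb_url": re.compile(
        r"https://[a-z0-9-]+\.(?:firebaseio\.com|[a-z0-9-]+\.firebasedatabase\.app)"
    ),
    "gcs_bucket": re.compile(r"\b[a-z0-9][a-z0-9._-]{1,60}\.appspot\.com\b"),
}

# Constructed placeholder with a real key's length (39 chars); not a live key.
SAMPLE_KEY = "AIzaSyEXAMPLE" + "0" * 26

# Constructed sample of strings as they might appear in res/values/strings.xml
# or the classes.dex string table of a hypothetical app.
SAMPLE_STRINGS = [
    f'<string name="google_api_key">{SAMPLE_KEY}</string>',
    '<string name="firebase_database_url">https://example-app-default-rtdb.firebaseio.com</string>',
    '<string name="google_storage_bucket">example-app.appspot.com</string>',
    'Lcom/example/app/net/ApiClient;',  # ordinary class name, no secret
    f'https://example-app.firebaseio.com/users.json?auth={SAMPLE_KEY}',  # same key reused
]


def scan_strings(lines):
    """Return {category: set(values)} for every secret-looking string found.
    Values are deduplicated, mirroring the study's 'unique secrets' count."""
    found = defaultdict(set)
    for line in lines:
        for category, pattern in PATTERNS.items():
            for match in pattern.findall(line):
                found[category].add(match)
    return dict(found)


def count_unique_secrets(findings):
    """Total distinct secrets across all categories for one app."""
    return sum(len(values) for values in findings.values())


def audit_firebase_rules(rules_json):
    """Flag Realtime Database rules that grant unauthenticated root access.
    Firebase accepts both the boolean true and the string "true" as a rule."""
    rules = json.loads(rules_json).get("rules", {})
    issues = []
    for op in (".read", ".write"):
        value = rules.get(op)
        if value is True or (isinstance(value, str) and value.strip().lower() == "true"):
            issues.append(f"root {op} is unconditionally true: anyone can {op[1:]} the database")
    return issues


# Constructed rule sets: the open configuration that leaks data, and a
# locked-down one that requires a signed-in user.
OPEN_RULES = '{"rules": {".read": true, ".write": "true"}}'
LOCKED_RULES = '{"rules": {".read": "auth != null", ".write": "auth != null"}}'

if __name__ == "__main__":
    findings = scan_strings(SAMPLE_STRINGS)
    for category, values in sorted(findings.items()):
        print(f"{category}: {sorted(values)}")
    print("unique secrets:", count_unique_secrets(findings))
    print("open rules  :", audit_firebase_rules(OPEN_RULES))
    print("locked rules:", audit_firebase_rules(LOCKED_RULES))
```

Run against a real decoded app, the scanner gives a per-app secret count comparable to the 5.1-per-app figure in the study; a non-empty result from `audit_firebase_rules` is the configuration that produces the 285 unauthenticated databases it reports, and the fix is the `auth != null` (or a narrower, per-path) rule shown in `LOCKED_RULES`.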