Cybernews study shows 71% of iOS apps leak sensitive data - rAVe [PUBS]

Gary Kayye

A new study by Cybernews researchers has shown that 71% of iOS apps leak sensitive data, including API keys, cloud storage credentials and financial information. The analysis, which examined 156,080 randomly selected iOS apps (8% of the Apple App Store), raises concerns about Apple's strict app review guidelines.

As the first large-scale research of its kind, the Cybernews results underline significant weaknesses involving hard-coded secrets stored in iOS applications.

Key results:

  • Over 816,000 sensitive data exposures were found, which corresponds to an average of 5.23 secrets exposed per app.
  • 406 TB of user data, including files, personal data and documents, were exposed via 836 publicly accessible storage buckets.
  • 2,218 Firebase instances (4.34%) were configured incorrectly, exposing 19.8 million data records (33 GB of data), including user sessions and backend analytics.
  • More than 51,000 apps use Google's Firebase database, leaving user data susceptible to theft.

To put this in perspective:

  • 406 TB of exposed data corresponds to 17 years of continuous HD video streaming.
  • The 19.8 million leaked records would correspond to about 16 million iPhone photos.
  • The number of apps using Google's Firebase database (51,000) is larger than the number of Starbucks locations worldwide, each one an app with potential security risks.

How the study was carried out

Between the 2nd to 16th, 20th, 2024, Cybernews researchers extracted the code of the selected apps and analyzed it for hard-coded secrets. While they did not try to decompile or deobfuscate the apps, they found a considerable amount of sensitive data stored in plain-text files within app archives.

The researchers also checked cloud bucket and Firebase endpoints for authentication flaws. In addition to the large leaks, they found:

  • 79,000 Google project IDs, used for routing API requests and for managing Google Cloud resources.
  • 79,000 Google App IDs, intended for tracking ads and usage statistics.
  • 68,000 client IDs, 43,000 Google AdMob app IDs, 37,000 Facebook app IDs, 20,000 Android client IDs and 17,000 Facebook client tokens were exposed.
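
For developers who want to run the same kind of check on their own build before release, here is a small audit script. It is an added example, not code from the Cybernews study: it opens an app archive and reports plist keys that carry the identifier types listed above. The key names are the standard ones from Firebase's GoogleService-Info.plist and the Facebook and AdMob SDK entries in Info.plist; the sample archive and all values in it are constructed placeholders.

```python
import io
import plistlib
import zipfile

# Plist keys that carry the identifier types listed above (standard key names
# from GoogleService-Info.plist and the Facebook / AdMob Info.plist entries).
WATCHED_KEYS = {
    "API_KEY": "Google API key",
    "PROJECT_ID": "Google project ID",
    "GOOGLE_APP_ID": "Google App ID",
    "CLIENT_ID": "client ID",
    "DATABASE_URL": "Firebase database URL",
    "STORAGE_BUCKET": "cloud storage bucket",
    "GADApplicationIdentifier": "Google AdMob app ID",
    "FacebookAppID": "Facebook app ID",
    "FacebookClientToken": "Facebook client token",
}

def scan_ipa(ipa_bytes):
    """Return sorted (path, key, kind) for watched keys in any plist in the archive."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(ipa_bytes)) as ipa:
        for name in ipa.namelist():
            if not name.lower().endswith(".plist"):
                continue
            try:
                data = plistlib.loads(ipa.read(name))  # XML and binary plists
            except Exception:
                continue  # malformed plist: nothing to report
            if isinstance(data, dict):
                findings += [(name, k, WATCHED_KEYS[k])
                             for k in data if k in WATCHED_KEYS and data[k]]
    return sorted(findings)

def build_sample_ipa():
    """Constructed sample archive with placeholder values, so the scan runs offline."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("Payload/Demo.app/GoogleService-Info.plist", plistlib.dumps({
            "PROJECT_ID": "example-project", "BUNDLE_ID": "com.example.demo",
            "GOOGLE_APP_ID": "1:000000000000:ios:placeholder",
            "DATABASE_URL": "https://example-project.invalid"}))
        z.writestr("Payload/Demo.app/Info.plist", plistlib.dumps(
            {"CFBundleName": "Demo", "FacebookClientToken": "PLACEHOLDER_TOKEN"},
            fmt=plistlib.FMT_BINARY))
        z.writestr("Payload/Demo.app/broken.plist", b"not a plist")
    return buf.getvalue()

if __name__ == "__main__":
    for path, key, kind in scan_ipa(build_sample_ipa()):
        print(f"{path}: {key} ({kind})")
```

Each finding is a prompt to confirm that the backend behind that identifier enforces authentication, since the identifier itself ships in plain text with the app.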

See how it works

https://www.youtube.com/watch?v=c80h7clpbiy

Cybernews warns that these vulnerabilities endanger millions of iOS users and reinforce the need for better security practices in app development.

For the full report, visit the Cybernews research on iOS app security.