ADVERTISEMENT

How Apple App Store apps can expose your data: hard-coded secrets explained

Your data can be exposed to bad actors because of poor programming practices.

hard-coded-secrets-featured
Adam Koscielak
Adam Koscielak Tech Content Writer
Mar 12, 2025 Updated: 29 July 2025 8 min read

Hard coded, easy to crack

Why do companies hard-code secrets?

Niamh Ancell BW Neilc vilius Ernestas Naprys
Don't miss our latest stories on Google News
Add us as your Preferred Source on Google.

What data is exposed?

  • Contact information (e.g., name, email address, home address, etc.)
  • Login information (e.g., username, email address, password, etc.)
  • Usage information (e.g., for a fitness app, your pulse, exercise locations)
  • Data uploaded by you to the app (e.g., photos, videos)

Hard-coded secret leaks

Sisense (2024)

Toyota (2022)

Samsung (2022)

ADVERTISEMENT

iOS apps exposed for hard-coding secrets

Crumbl

Crumbl privacy
Crumbl App Privacy information

Eureka

Eureka app privacy
Eureka App Privacy information

Videoshop - Video Editor

Videoshop update history
Videoshop update history

Why doesn’t Apple do more to protect your data?

How to protect yourself

  • Never reuse passwords. Use a password manager to keep them all saved and secure.
  • Use two-factor authentication (2FA). That way, even if someone gets your password, they won’t be able to log in. The most secure 2FA methods are authenticator apps on your phone (e.g., Authy, Google Authenticator) and a 2FA security key (e.g., YubiKey).
  • Change your password whenever you’re notified of a security breach.

Final thoughts

ADVERTISEMENT