ADVERTISEMENT

Massive research into iOS apps uncovers widespread secret leaks, abysmal coding practices

Most apps on Apple’s App Store seem to leak at least one hard-coded secret. Many high-sensitivity secrets were found, including keys to cloud storage, various APIs, and even payment processors. Some endpoints are left completely unprotected, putting users at risk.

iOS apps leaking secrets, Apple

Image by Cybernews.

Ernestas Naprys
Ernestas Naprys Senior Journalist
Mar 12, 2025 Updated: 14 March 2025 7 min read

Key takeaways

  • Almost 83,000 hardcoded Cloud storage endpoints, 836 of which do not require authentication, leaking 406TB of data.
  • Over 51,000 Firebase endpoints, thousands open to outsiders.
  • Thousands of keys exposed for Fabric API, Live Branch, MobApp Creator, and others.
  • Hundreds of the most sensitive keys can be abused to issue payments and refunds and obtain private data and communications.

Methodology

Vast number of low-sensitivity keys signals bad practices

iOS apps leaking secrets
Image by Cybernews.

Where things start to get interesting: 78,000 apps expose cloud storage buckets

Over 4% of Firebase endpoints left unprotected

ADVERTISEMENT

Thousands of Fabric API and Live Branch keys expose users

Maximum severity: leaking financial information and comms

leaking-secrets-ios

It’s time to handle secrets properly

vilius Gintaras Radauskas Niamh Ancell Ernestas Naprys
Don’t miss our latest stories on Google News
Add us as your Preferred Source on Google.
ADVERTISEMENT