ADVERTISEMENT

Meditation iOS app leaked over 100K users’ personal details

An iPhone app for tai chi (a mind-body practice) and meditation, 7 Minute Chi - Meditate & Move, exposed numerous customers.

iOS meditation app data leak

Image by Cybernews.

Vilius Petkauskas
Vilius Petkauskas Deputy Editor
Apr 29, 2025 Updated: 29 April 2025 3 min read
Ernestas Naprys jurgita Paulina Okunyte Gintaras Radauskas
Stay informed and get our latest stories on Google News
Add us as your Preferred Source on Google.

iOS apps’ secrets revealed

  • API Key
  • Client ID
  • Database URL
  • Google App ID
  • Project ID
  • Reversed Client ID
  • Storage Bucket
  • Facebook App ID
  • Fabric API Key
ADVERTISEMENT

Apple apps leak secrets

“The data leaked from the app was sensitive as it may allow threat actors to obtain app users’ email addresses and launch spam or phishing campaigns against them.”

How to fix leaky apps?

  • Make use of appropriate Firebase security rules in order to make sure only authorized and authenticated users and services can access stored data.
  • Remove sensitive Secrets from the client side of the application and place them on the server side of the application, proxying traffic through your own infrastructure to third-party services used by the app.

  • Leak discovered: January 7th, 2025
  • Initial disclosure: January 15th, 2025
  • CERT contacted: February 13th, 2025
ADVERTISEMENT