Security researchers are warning about unsecured AI apps on Google Play that risk exposing sensitive user data, including photos and identity documents. Many issues stem from poor cloud configurations and hardcoded credentials. Investigations revealed one app, “Video AI Art Generator & Maker,” leaked over 12 terabytes of user media due to a misconfigured Google Cloud bucket, affecting 1.5 million user images and over 385,000 videos. Another app, IDMerit, exposed personal information of users across 25 countries. Alarmingly, 72% of analyzed Android apps displayed risky practices like hardcoded API keys, facilitating data breaches. While Google has implemented security protocols, users should remain vigilant. To mitigate risks, choose reputable developers, review data safety policies, and limit app permissions. Developers must enhance security measures by avoiding hardcoded secrets and applying the OWASP Mobile Security standards. The balance between AI convenience and user privacy is critical; users must be discerning about sharing personal data.
Source link
