{"id":57491,"date":"2024-10-23T14:13:11","date_gmt":"2024-10-23T14:13:11","guid":{"rendered":"https:\/\/packetstormsecurity.com\/news\/view\/36506\/Millions-At-Risk-From-Hardcoded-Creds-In-Popular-iOS-And-Android-Apps.html"},"modified":"2024-10-23T14:13:11","modified_gmt":"2024-10-23T14:13:11","slug":"millions-at-risk-from-hardcoded-creds-in-popular-ios-and-android-apps","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/millions-at-risk-from-hardcoded-creds-in-popular-ios-and-android-apps\/","title":{"rendered":"Millions At Risk From Hardcoded Creds In Popular iOS And Android Apps"},"content":{"rendered":"<p>An analysis of widely used mobile apps offered on Google Play and the Apple App Store has found hardcoded and unencrypted cloud service credentials, exposing millions of users to major security problems.<\/p>\n<p>The problem stems from lazy coding, <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/www.security.com\/threat-intelligence\/exposing-danger-within-hardcoded-cloud-credentials-popular-mobile-apps\">according to<\/a> Yuanjing Guo and Tommy Dong, a pair of software engineers at Symantec&#8217;s Security Technology and Response. The duo warn that leaving creds in code means anyone with access to the app&#8217;s binary or source code could gain access to backend infrastructure and potentially exfiltrate user data.<\/p>\n<p>&#8220;This practice exposes critical infrastructure to potential attacks, endangering user data and backend services,&#8221; Symantec&#8217;s researchers warned. &#8220;The widespread nature of these vulnerabilities across both iOS and Android platforms underscores the urgent need for a shift towards more secure development practices,&#8221; they added.<\/p>\n<p>These are the apps in which Symantec spotted creds, but there may well be more:<\/p>\n<ul>\n<li><strong>The Pic Stitch<\/strong> \u2013 Over five million people have rated this collage-editing app for Android and unfortunately it contains hardcoded AWS credentials which would allow an attacker to harvest production credentials, including a linked Amazon S3 bucket name, the read and write access keys, and secret keys.<\/li>\n<li><strong>Crumbl<\/strong> \u2013 This iOS app helps users to source sugary treats but also exposes the developers&#8217; AWS plain-text credentials, including an access key and secret key. &#8220;Furthermore, the inclusion of a WebSocket Secure (WSS) endpoint within the code \u2013 <code>wss:\/\/***.iot.us-west-2.amazonaws.com<\/code> \u2013 highlights a significant security oversight,&#8221; the researchers warn.<\/li>\n<li><strong>Eureka<\/strong> \u2013 This survey taking app, rated by nearly 500,000 Apple and Android users, has hardcoded AWS credentials directly in the app and the access and secret keys stored in plain text.<\/li>\n<li><strong>Videoshop<\/strong> \u2013 The code of this video editor includes unencrypted AWS credentials that would allow someone with the binary to steal data, access backend infrastructure and potentially bring it down. Nearly 400,000 people have rated this app.<\/li>\n<li><strong>Meru Cabs<\/strong> \u2013 This Indian taxi-hailing app, used by around five million people, has hardcoded Azure credentials available that would allow access to cloud storage setups.<\/li>\n<li><strong>Sulekha Business<\/strong> \u2013 The networking and lead generating app has around half a million users and makes much of its security on its website. However, Symantec&#8217;s analysis shows it has more than one hardcoded Azure credential available for attackers and uses plain-text connection strings to access Azure Blob Storage containers.<\/li>\n<li><strong>ReSound Tinnitus Relief<\/strong> \u2013 This sound therapy app, with around 500,000 users, is not exactly music to a security specialist&#8217;s ears, since it too embeds its Azure Blob Storage credentials in a way that&#8217;s easy to spot. So does the <strong>Beltone Tinnitus Calmer<\/strong> app on Android, which has around 100,000 users.<\/li>\n<li><strong>EatSleepRIDE Motorcycle GPS<\/strong> \u2013 This forum app contains hardcoded Twilio credentials, putting its estimated 100,000 users at risk.<\/li>\n<\/ul>\n<p>Symantec recommends users install a third-party security system to block any of the consequences of these coding errors, and \u2013 surprise, surprise \u2013 it <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/www.broadcom.com\/products\/cyber-security\/endpoint\/end-user\">has one for the purpose<\/a>. Users should also be very wary of whatever permissions their apps ask for and only install apps from trusted sources.<\/p>\n<p>Or developers could just write better code and use services like AWS Secrets Manager or Azure Key Vault that are designed to keep sensitive information in a safe place. Symantec&#8217;s researchers also recommend encrypting everything and conducting regular code reviews and security scanning. \u00ae<\/p>\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"top\" data-raptor=\"condor\" data-xsm=\",fluid,mpu,\" data-sm=\",fluid,mpu,\" data-md=\",fluid,mpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_specialfeatures\/cybersecuritymonth&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZxneS8L6bLXJuvWZF_UIQwAAAEE&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\" target=\"_blank\" rel=\"noopener\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_specialfeatures\/cybersecuritymonth&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZxneS8L6bLXJuvWZF_UIQwAAAEE&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<p> READ MORE <a href=\"https:\/\/packetstormsecurity.com\/news\/view\/36506\/Millions-At-Risk-From-Hardcoded-Creds-In-Popular-iOS-And-Android-Apps.html\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[60],"tags":[11088],"class_list":["post-57491","post","type-post","status-publish","format-standard","hentry","category-packet-storm","tag-headlineprivacyphonedata-lossgooglepasswordapple"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.7 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Millions At Risk From Hardcoded Creds In Popular iOS And Android Apps 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/millions-at-risk-from-hardcoded-creds-in-popular-ios-and-android-apps\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Millions At Risk From Hardcoded Creds In Popular iOS And Android Apps 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/millions-at-risk-from-hardcoded-creds-in-popular-ios-and-android-apps\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2024-10-23T14:13:11+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_specialfeatures\/cybersecuritymonth&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZxneS8L6bLXJuvWZF_UIQwAAAEE&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/millions-at-risk-from-hardcoded-creds-in-popular-ios-and-android-apps\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/millions-at-risk-from-hardcoded-creds-in-popular-ios-and-android-apps\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Millions At Risk From Hardcoded Creds In Popular iOS And Android Apps\",\"datePublished\":\"2024-10-23T14:13:11+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/millions-at-risk-from-hardcoded-creds-in-popular-ios-and-android-apps\\\/\"},\"wordCount\":550,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/millions-at-risk-from-hardcoded-creds-in-popular-ios-and-android-apps\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_specialfeatures\\\/cybersecuritymonth&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZxneS8L6bLXJuvWZF_UIQwAAAEE&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\",\"keywords\":[\"headline,privacy,phone,data loss,google,password,apple\"],\"articleSection\":[\"Packet Storm\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/millions-at-risk-from-hardcoded-creds-in-popular-ios-and-android-apps\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/millions-at-risk-from-hardcoded-creds-in-popular-ios-and-android-apps\\\/\",\"name\":\"Millions At Risk From Hardcoded Creds In Popular iOS And Android Apps 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/millions-at-risk-from-hardcoded-creds-in-popular-ios-and-android-apps\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/millions-at-risk-from-hardcoded-creds-in-popular-ios-and-android-apps\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_specialfeatures\\\/cybersecuritymonth&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZxneS8L6bLXJuvWZF_UIQwAAAEE&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\",\"datePublished\":\"2024-10-23T14:13:11+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/millions-at-risk-from-hardcoded-creds-in-popular-ios-and-android-apps\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/millions-at-risk-from-hardcoded-creds-in-popular-ios-and-android-apps\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/millions-at-risk-from-hardcoded-creds-in-popular-ios-and-android-apps\\\/#primaryimage\",\"url\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_specialfeatures\\\/cybersecuritymonth&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZxneS8L6bLXJuvWZF_UIQwAAAEE&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\",\"contentUrl\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_specialfeatures\\\/cybersecuritymonth&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZxneS8L6bLXJuvWZF_UIQwAAAEE&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/millions-at-risk-from-hardcoded-creds-in-popular-ios-and-android-apps\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"headline,privacy,phone,data loss,google,password,apple\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/headlineprivacyphonedata-lossgooglepasswordapple\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Millions At Risk From Hardcoded Creds In Popular iOS And Android Apps\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Millions At Risk From Hardcoded Creds In Popular iOS And Android Apps 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/millions-at-risk-from-hardcoded-creds-in-popular-ios-and-android-apps\/","og_locale":"en_US","og_type":"article","og_title":"Millions At Risk From Hardcoded Creds In Popular iOS And Android Apps 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/millions-at-risk-from-hardcoded-creds-in-popular-ios-and-android-apps\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2024-10-23T14:13:11+00:00","og_image":[{"url":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_specialfeatures\/cybersecuritymonth&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZxneS8L6bLXJuvWZF_UIQwAAAEE&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/millions-at-risk-from-hardcoded-creds-in-popular-ios-and-android-apps\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/millions-at-risk-from-hardcoded-creds-in-popular-ios-and-android-apps\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Millions At Risk From Hardcoded Creds In Popular iOS And Android Apps","datePublished":"2024-10-23T14:13:11+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/millions-at-risk-from-hardcoded-creds-in-popular-ios-and-android-apps\/"},"wordCount":550,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/millions-at-risk-from-hardcoded-creds-in-popular-ios-and-android-apps\/#primaryimage"},"thumbnailUrl":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_specialfeatures\/cybersecuritymonth&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZxneS8L6bLXJuvWZF_UIQwAAAEE&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","keywords":["headline,privacy,phone,data loss,google,password,apple"],"articleSection":["Packet Storm"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/millions-at-risk-from-hardcoded-creds-in-popular-ios-and-android-apps\/","url":"https:\/\/www.threatshub.org\/blog\/millions-at-risk-from-hardcoded-creds-in-popular-ios-and-android-apps\/","name":"Millions At Risk From Hardcoded Creds In Popular iOS And Android Apps 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/millions-at-risk-from-hardcoded-creds-in-popular-ios-and-android-apps\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/millions-at-risk-from-hardcoded-creds-in-popular-ios-and-android-apps\/#primaryimage"},"thumbnailUrl":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_specialfeatures\/cybersecuritymonth&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZxneS8L6bLXJuvWZF_UIQwAAAEE&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","datePublished":"2024-10-23T14:13:11+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/millions-at-risk-from-hardcoded-creds-in-popular-ios-and-android-apps\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/millions-at-risk-from-hardcoded-creds-in-popular-ios-and-android-apps\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/millions-at-risk-from-hardcoded-creds-in-popular-ios-and-android-apps\/#primaryimage","url":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_specialfeatures\/cybersecuritymonth&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZxneS8L6bLXJuvWZF_UIQwAAAEE&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","contentUrl":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_specialfeatures\/cybersecuritymonth&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZxneS8L6bLXJuvWZF_UIQwAAAEE&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0"},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/millions-at-risk-from-hardcoded-creds-in-popular-ios-and-android-apps\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"headline,privacy,phone,data loss,google,password,apple","item":"https:\/\/www.threatshub.org\/blog\/tag\/headlineprivacyphonedata-lossgooglepasswordapple\/"},{"@type":"ListItem","position":3,"name":"Millions At Risk From Hardcoded Creds In Popular iOS And Android Apps"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/57491","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=57491"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/57491\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=57491"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=57491"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=57491"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}