Summary
Nearly 200 App Store apps have been found to leak personal data, exposing millions of user records.
Most of the top offenders are AI apps.
If you’re using any of the affected apps, stop immediately and delete your data from them if possible.
Security firm CovertLabs has found that nearly 200 apps on the Apple App Store are leaking the data of millions of users. In a post on X, CovertLabs described the situation as “as bad as it gets.”
There’s a theme among the affected apps — most of the top offenders are AI-focused. This is problematic, as people tend to provide AI apps with more personal information — think questions about mental health, relationships, or finances. In some cases, this personal information is tied to email addresses and phone numbers and available for anyone to see.
Which apps are affected?
CovertLabs has put together a database of affected apps called Firehound. It ranks them by the number of files exposed and lets you browse redacted samples of the types of records being leaked. Here are the worst offenders:
Chat & Ask AI by Codeway — 406 million records
GenZArt — 18 million records
YPT – Study Group — 13 million records
Adult Coloring Book – Pigment — 7 million records
Kmstry — 7 million records
These five apps alone represent over 20 million unique users. Chat & Ask AI has a 4.8-star rating with 318,000 reviews on the App Store. This is not a small-scale issue, unfortunately.
The cause of the leaks
Sloppy coding, or something else?
The cause of the leaks is unclear. Given how many of these apps are AI-centric, it could be that in the rush to get AI tools to market, developers are cutting corners and skipping safety checks. It’s also not entirely clear how these apps are making it past Apple’s vetting process, which is meant to be strict. We don’t want to go too hard on Apple, though — privacy concerns exist on Android, too.
There doesn’t appear to be any indication that the leaks are intentional or malicious in nature, or that the apps are sending the data to third parties — it’s more a case of personal user data sitting exposed in places that are easily accessible to bad actors. According to a post from a CovertLabs researcher, the data from the worst offender, Chat & Ask AI by Codeway, was just sitting there, “completely accessible to anyone who knows where to look.”
What to do if you’re affected
Stop using the apps immediately
CovertLabs has offered to help app developers resolve these issues — in fact, the Chat & Ask AI app mentioned above has already been fixed. In the meantime, if you’re using any of the apps on the list, you should stop immediately. If possible, delete your data from the app and remove it from your device.
There doesn’t appear to be any indication that this data has made its way into nefarious hands, but that’s always a possibility, so keep an eye on your accounts. And if you’re feeling extra concerned about privacy, consider taking additional measures, like installing security and privacy extensions for Chrome or adjusting the settings on your phone.