Summary<\/p>\n
Nearly 200 App Store apps have been found to leak personal data, exposing millions of user records.<\/p>\n
Most of the top offenders are AI apps.<\/p>\n
If you’re using any of the affected apps, stop immediately and delete your data from them if possible. <\/p>\n
Security firm CovertLabs has found that nearly 200 apps on the Apple App Store are leaking user data for millions of users. In a post on X<\/a>, CovertLabs described the situation as “as bad as it gets.” <\/p>\n There’s a theme among the affected apps \u2014 most of the top offenders are AI-focused. This is problematic, as people tend to provide AI apps with more personal information \u2014 think questions about mental health, relationships, or finances. In some cases, this personal information is tied to email addresses and phone numbers and available for anyone to see.<\/p>\n Which apps are affected?<\/p>\n CovertLabs has put together a database of affected apps called Firehound<\/a>. It ranks them by the number of files exposed and lets you browse redacted samples of the types of records being leaked. Here are the worst offenders:<\/p>\n Chat & Ask AI by Codeway \u2014 406 million records<\/p>\n GenZArt \u2014 18 million records<\/p>\n YPT – Study Group \u2014 13 million records<\/p>\n Adult Coloring Book – Pigment \u2014 7 million records<\/p>\n Kmstry \u2014 7 million records<\/p>\n These five apps alone represent over 20 million unique users. Chat & Ask AI has a 4.8-star rating with 318,000 reviews on the App Store. This is not a small-scale issue, unfortunately.<\/p>\n The cause of the leaks<\/p>\n Sloppy coding, or something else?<\/p>\n The cause of the leaks is unclear. Given how many of these apps are AI-centric, it could be that in the rush to get AI tools to market, developers are cutting corners and skipping safety checks. It’s also not entirely clear how these apps are making it past Apple’s vetting process, which is meant to be strict. We don’t want to go too hard on Apple, though \u2014 privacy concerns exist on Android<\/a>, too. <\/p>\n There doesn’t appear to be any indication that the leaks are intentional or malicious in nature, or that the apps are sending the data to third parties \u2014 it’s more a case of personal user data sitting exposed in places that are easily accessible to bad actors. According to a post from a CovertLabs researcher<\/a>, the data from the worst offender, Chat & Ask AI by Codeway, was just sitting there, “completely accessible to anyone who knows where to look.” <\/p>\n What to do if you’re affected<\/p>\n Stop using the apps immediately<\/p>\n CovertLabs had offered to help app developers resolve these issues \u2014 in fact, the Chat & Ask AI app mentioned above has already been fixed<\/a>. In the meantime, if you’re using any of the apps on the list, you should stop immediately. If possible, delete your data from the app and remove it from your device.<\/p>\n There doesn’t appear to be any indication that this data has made its way into nefarious hands, but that’s always a possibility, so keep an eye on your accounts. And if you’re feeling extra concerned about privacy, consider taking additional measures, like installing security and privacy extensions for Chrome<\/a> or adjusting the settings on your phone<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"Summary Nearly 200 App Store apps have been found to leak personal data, exposing millions of user records.…\n","protected":false},"author":2,"featured_media":244698,"comment_status":"","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[16],"tags":[342,111,139,69,145],"class_list":{"0":"post-244697","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-mobile","8":"tag-mobile","9":"tag-new-zealand","10":"tag-newzealand","11":"tag-nz","12":"tag-technology"},"_links":{"self":[{"href":"https:\/\/www.newsbeep.com\/nz\/wp-json\/wp\/v2\/posts\/244697","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.newsbeep.com\/nz\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.newsbeep.com\/nz\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.newsbeep.com\/nz\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.newsbeep.com\/nz\/wp-json\/wp\/v2\/comments?post=244697"}],"version-history":[{"count":0,"href":"https:\/\/www.newsbeep.com\/nz\/wp-json\/wp\/v2\/posts\/244697\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.newsbeep.com\/nz\/wp-json\/wp\/v2\/media\/244698"}],"wp:attachment":[{"href":"https:\/\/www.newsbeep.com\/nz\/wp-json\/wp\/v2\/media?parent=244697"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.newsbeep.com\/nz\/wp-json\/wp\/v2\/categories?post=244697"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.newsbeep.com\/nz\/wp-json\/wp\/v2\/tags?post=244697"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}