According to malware researchers VX Underground on X<\/a>, security firm CovertLabs is working on a project to document iOS apps that leak user information<\/a> into the wild. At the time of VX Underground\u2019s X post, 198 guilty apps had been identified, with the top culprits all being related to artificial intelligence (AI)<\/a> in some way.<\/p>\n <\/p>\n The worst offender was an app named Chat & Ask AI by Codeway, which according to CovertLabs<\/a> has exposed the entire chat history of some 18 million users \u2013 that\u2019s a total of 380 million messages \u2013 as well as user phone numbers and email addresses. This information is apparently \u201ccompletely accessible to anyone who knows where to look\u201d which, considering the sensitive information people often feed into AIs, is \u201cas bad as it gets,\u201d CovertLabs says.<\/p>\n You may like<\/p>\n Study app ‘YPT \u2013 Study Group’ was also found to be at fault, with research indicating that information from over two million users was exposed. That includes chat messages, AI tokens, user IDs and user keys, according to VX Underground.<\/p>\n CovertLabs has created a repository of affected apps, which it has named Firehound<\/a>. You can browse through redacted sample data to see what information was leaked, as well as which apps have been exposed the most. Much of the data is sensitive and has been restricted, with interested parties needing to request access to the information.<\/p>\n CovertLabs says that affected developers should reach out to the firm, at which point the app will be removed from the repository and the developers will receive help on how to fix their apps.<\/p>\n Bad for users, developers and Apple<\/p>\n \n (Image credit: Shutterstock.com)<\/p>\n The fact that many of the leakiest apps \u2013 including Chat & Ask AI, GenZArt, Kmstry and Genie \u2013 are related to AI isn’t too surprising. In the rush to capitalize on the AI goldmine, it\u2019s likely that many developers have cut corners or implemented lax security measures in order to get their app out the door and onto the App Store.<\/p>\n But some of the blame should probably also fall at the feet of Apple. The company takes pride in the security of its App Store<\/a> compared to the likes of the Google Play Store<\/a>, which is often found to contain more malicious and insecure apps<\/a> than Apple\u2019s effort.<\/p>\n Yet that\u2019s not always the case<\/a> \u2013 Apple\u2019s App Store has problems of its own, and the fact that such vulnerable apps have seemingly made it past the App Store\u2019s review process is not a good look for Apple.<\/p>\n If you use any of the affected apps, you should stop immediately. You won\u2019t be able to do much about the data that\u2019s already exposed, but you can at least stop adding more. You should also start using one of the best password managers<\/a> and change the passwords of any accounts that share the email address you used for the compromised apps. If you know anyone else using these apps, warn them about the dangers.<\/p>\n Hopefully, the affected developers will be able to secure their apps \u2013 and other developers will learn about the risks before it\u2019s too late.<\/p>\n Follow TechRadar on Google News<\/a> and add us as a preferred source<\/a> to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!<\/p>\n And of course you can also follow TechRadar on TikTok<\/a> for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp<\/a> too.<\/p>\n![\"app](\"https:\/\/www.newsbeep.com\/uk\/wp-content\/uploads\/2026\/01\/8eNjPiJTRi72AXggVqB5YN.jpg\")
\n<\/p>\n
![\"NordPass\"](\"https:\/\/www.newsbeep.com\/uk\/wp-content\/uploads\/2026\/01\/uz0mtap1rhib8fho-15871235480434-100-80.png.webp.webp\" "\\"NordPass\\"")
<\/a>