Infosecurity Magazine

Google API Keys Quietly Gain Access to Gemini on Android Devices

A flaw in Google's API key system has reportedly exposed mobile applications to unintended access to its Gemini AI platform.
Security Boulevard

API Keys vs. JWTs: Choosing the Right Auth Method for Your API

A developer needs to connect a service to an API. The documentation says to generate an API key, store it in an environment variable and pass it in a header. Five minutes later, the integration works.
SiliconANGLE

Over 1,500 apps found leaking API keys and potentially exposing user data

Security researchers have uncovered more than 1,500 apps leaking the Algolia application programming interface key and application ID, potentially exposing user data. Discovered by researchers at ...
SecurityWeek

Google API Keys in Android Apps Expose Gemini Endpoints to Unauthorized Access

Threat actors can extract Google API keys embedded in Android applications to gain access to Gemini AI endpoints and ...
Bleeping Computer

Apps with over 3 million installs leak 'Admin' search API keys

Researchers discovered 1,550 mobile apps leaking Algolia API keys, risking the exposure of sensitive internal services and stored user information. Of those apps, 32 expose admin secrets, including 57 ...
The Tech Edvocate

Vulnerability Uncovered: Hardcoded API Keys in Popular Android Apps Expose Sensitive AI Data

Spread the loveThe digital landscape is continuously evolving, and with it, the necessity for robust cybersecurity measures has never been more critical. Recent findings by CloudSEK’s BeVigil have ...
Dark Reading

Thousands of Mobile Apps Leaking Twitter API Keys

Thousands of mobile apps are leaking Twitter API keys — some of which give adversaries a way to access or take over the Twitter accounts of users of these applications and assemble a bot army for ...