Title: Unveiling App Vulnerabilities: 70% of Apple App Store Apps Leave User Secrets Exposed

Join me as I delve into the shocking truth about Apple security and the vulnerability of iOS apps, where secrets are being leaked at an alarming rate - and what it means for your iPhone's privacy and security.

  • 1. A researcher from Cybernews had his iPhone hacked by a colleague to demonstrate Apple security vulnerabilities.
  • 2. The investigation found that 70% of apps on the Apple App Store, or around 1.2 million, potentially leave sensitive user data exposed.
  • 3. This was discovered during a large-scale research project where a team at Cybernews investigated the App Store for secrets, such as passwords and API keys, left exposed in apps.
  • 4. The investigation found that iOS apps are distributed as ZIP files, making it easy to extract and check text files for sensitive information.
  • 5. Accessing this information is not illegal in most countries, as the apps are publicly published.
  • 6. Cybernews created their own list of half a million app IDs from the App Store API since there isn't a centralized list available.
  • 7. They then downloaded and scanned 150,000 apps for sensitive information, extracting over 815,000 secrets in total.
  • 8. Exposed information can be used to steal money, expose private conversations, obtain credit card details, and more.
  • 9. The investigation showed that 19 apps leaked Stripe credentials, which could facilitate unauthorized payments.
  • 10. Cybernews has notified app developers of the findings but has not reported it as a vulnerability in Apple's services.
  • 11. Testing iOS apps for security has become increasingly complicated due to reverse engineering tools and the growth of mobile apps.
  • 12. Users can take precautions, such as using open-source apps, checking if chat apps use end-to-end encryption, or ensuring payment apps are backed by reputable banks.
  • 13. Additional privacy measures include using password managers, data deletion services, and limiting personal information given to apps.
  • 14. Cybernews offers a service called Incogni, which helps users remove their data from data brokers.
  • 15. The lower your digital footprint, the less likely you are to be targeted by attackers.
  • 16. Apple's app review process includes obtaining a developer license, using Apple hardware for development, and submitting the app for quality assurance testing.
  • 17. However, Apple does not perform penetration tests on all apps and relies on developers to self-police their applications.
  • 18. App security is a shared responsibility between Apple and developers.
  • 19. Cybernews has reached out to Apple about the findings but considers this an issue with app development practices rather than a vulnerability in Apple's services.
  • 20. Users should be cautious when downloading random apps, especially those requested by companies, restaurants, or events.
  • 21. The researcher conducting the investigation uses an iPhone for testing purposes but disagrees with Apple's control over user functionality.
  • 22. The researcher prefers using Mac products but verifies their privacy settings due to limited trust in Apple's complete security measures.
  • 23. The large hype around Apple security should not replace individual responsibility in protecting personal data and secrets.
  • 24. Subscribing to Cybernews can help fund further investigations into app security and other tech-related topics.
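
Point 4 describes the check itself: an app package is a ZIP archive whose text and plist files can be read directly. Below is an added example (not Cybernews's tooling and not from the video) of a pre-release self-audit a developer could run on their own build; the two rules, the key names `StripeSecretKey` and `api_key`, and every sample value are constructed assumptions.

```python
import io, json, plistlib, re, zipfile

# Illustrative rules (assumed; not the rule set used in the research).
RULES = {
    "stripe_live_secret": re.compile(r"sk_live_[0-9A-Za-z]{24,}"),
    "named_credential": re.compile(r"(?i)(?:api[_-]?key|secret|password)\w*[\"']?\s*[=:]\s*[\"']?([^\s\"']{8,})"),
}
TEXT_EXT = (".plist", ".json", ".strings", ".xml", ".txt", ".js")

def flatten(obj, path=""):
    """Turn a parsed plist into 'path = value' lines so key names are searchable."""
    if isinstance(obj, list):
        obj = dict(enumerate(obj))
    if isinstance(obj, dict):
        for k, v in obj.items():
            yield from flatten(v, f"{path}/{k}")
    else:
        yield f"{path} = {obj}"

def as_text(name, data):
    if name.endswith(".plist"):
        try:  # plistlib reads both XML and binary (bplist00) plists
            return "\n".join(flatten(plistlib.loads(data)))
        except Exception:
            pass  # malformed plist: fall back to scanning the raw bytes as text
    return data.decode("utf-8", errors="replace")

def scan_ipa(ipa_bytes):
    """Return (file, rule, redacted match) for each hit in text-like bundle files."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(ipa_bytes)) as ipa:
        for info in ipa.infolist():
            if info.is_dir() or not info.filename.lower().endswith(TEXT_EXT):
                continue  # executables and assets are out of scope for this check
            text = as_text(info.filename.lower(), ipa.read(info))
            for rule, rx in RULES.items():
                for m in rx.finditer(text):
                    secret = m.group(m.lastindex or 0)
                    findings.append((info.filename, rule, secret[:8] + "..."))  # never log the full value
    return findings

def build_sample_ipa():
    """Constructed sample bundle with placeholder values, for the demo only."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        plist = {"CFBundleIdentifier": "com.example.demo", "StripeSecretKey": "sk_live_" + "X" * 24}
        z.writestr("Payload/Demo.app/Info.plist", plistlib.dumps(plist, fmt=plistlib.FMT_BINARY))
        z.writestr("Payload/Demo.app/config.json", json.dumps({"api_key": "CONSTRUCTED-VALUE-0000"}))
        z.writestr("Payload/Demo.app/Demo", b"\xcf\xfa\xed\xfe")  # stand-in executable
    return buf.getvalue()
```

Run against a real build by passing the bytes of the exported package to `scan_ipa`; any finding means the value ships to every user and should be moved server-side and rotated.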

Source: Cybernews via YouTube
