Title: Unveiling App Vulnerabilities: 70% of Apple App Store Apps Leave User Secrets Exposed
Join me as I delve into the shocking truth about Apple security and the vulnerability of iOS apps, where secrets are being leaked at an alarming rate - and what it means for your iPhone's privacy and security.
- 1. A researcher from Cybernews had his iPhone hacked by a colleague to demonstrate Apple security vulnerabilities.
- 2. The investigation found that 70% of apps on the Apple App Store, or around 1.2 million, potentially leave sensitive user data exposed.
- 3. This was discovered during a large-scale research project where a team at Cybernews investigated the App Store for secrets, such as passwords and API keys, left exposed in apps.
- 4. The investigation found that iOS apps are distributed as ZIP files, making it easy to extract and check text files for sensitive information.
- 5. Accessing this information is not illegal in most countries, as the apps are publicly published.
- 6. Cybernews created their own list of half a million app IDs from the App Store API since there isn't a centralized list available.
- 7. They then downloaded and scanned 150,000 apps for sensitive information, extracting over 815,000 secrets in total.
- 8. Exposed information can be used to steal money, expose private conversations, obtain credit card details, and more.
- 9. The investigation showed that 19 apps leaked Stripe credentials, which could facilitate unauthorized payments.
- 10. Cybernews has notified app developers of the findings but has not reported it as a vulnerability in Apple's services.
- 11. Testing iOS apps for security has become increasingly complicated due to reverse engineering tools and the growth of mobile apps.
- 12. Users can take precautions, such as using open-source apps, checking if chat apps use end-to-end encryption, or ensuring payment apps are backed by reputable banks.
- 13. Additional privacy measures include using password managers, data deletion services, and limiting personal information given to apps.
- 14. Cybernews offers a service called Incogni, which helps users remove their data from data brokers.
- 15. The lower your digital footprint, the less likely you are to be targeted by attackers.
- 16. Apple's app review process includes obtaining a developer license, using Apple hardware for development, and submitting the app for quality assurance testing.
- 17. However, Apple does not perform penetration tests on all apps and relies on developers to self-police their applications.
- 18. App security is a shared responsibility between Apple and developers.
- 19. Cybernews has reached out to Apple about the findings but considers this an issue with app development practices rather than a vulnerability in Apple's services.
- 20. Users should be cautious when downloading random apps, especially those requested by companies, restaurants, or events.
- 21. The researcher conducting the investigation uses an iPhone for testing purposes but disagrees with Apple's control over user functionality.
- 22. The researcher prefers using Mac products but verifies their privacy settings due to limited trust in Apple's complete security measures.
- 23. The large hype around Apple security should not replace individual responsibility in protecting personal data and secrets.
- 24. Subscribing to Cybernews can help fund further investigations into app security and other tech-related topics.
Source: Cybernews via YouTube
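
A developer-side version of the check described in points 4 and 7, as an added example that is not Cybernews's tooling or code from the video: it opens an `.ipa` as a ZIP archive and flags hardcoded secrets in text resources before a build is shipped. The patterns, suffix list, size limit, and sample bundle are constructed assumptions.

```python
import io
import re
import zipfile

# Illustrative rules only (assumptions, not the rules used in the research).
PATTERNS = {
    "stripe_live_secret_key": re.compile(rb"sk_live_[0-9a-zA-Z]{24,}"),
    "aws_access_key_id": re.compile(rb"\bAKIA[0-9A-Z]{16}\b"),
    "private_key_block": re.compile(rb"-----BEGIN (?:RSA |EC )?PRIVATE KEY-----"),
}
TEXT_SUFFIXES = (".plist", ".json", ".xml", ".strings", ".txt", ".js", ".html")
MAX_MEMBER_BYTES = 5 * 1024 * 1024  # skip very large members


def scan_ipa(ipa, suffixes=TEXT_SUFFIXES):
    """Return sorted (member, rule, redacted_match) findings for an .ipa path or file object."""
    findings = []
    with zipfile.ZipFile(ipa) as zf:
        for info in zf.infolist():
            name = info.filename
            if info.is_dir() or not name.lower().endswith(suffixes):
                continue
            if info.file_size > MAX_MEMBER_BYTES:
                continue
            # Scan raw bytes so ASCII strings in binary plists are also covered.
            data = zf.read(info)
            for rule, pattern in PATTERNS.items():
                for m in pattern.finditer(data):
                    text = m.group(0).decode("ascii", "replace")
                    # Redact: reports should never carry the full secret.
                    findings.append((name, rule, text[:12] + "..."))
    return sorted(findings)


def build_sample_ipa():
    """Constructed sample bundle with a fake key, so the example runs offline."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Payload/Demo.app/Info.plist", "<plist><dict/></plist>")
        zf.writestr("Payload/Demo.app/config.json", '{"stripeKey": "sk_live_' + "X" * 24 + '"}')
        zf.writestr("Payload/Demo.app/Demo", b"\x00binary")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for member, rule, redacted in scan_ipa(build_sample_ipa()):
        print(f"{member}: {rule} ({redacted})")
```

Run against a release build in CI, any finding means the secret belongs on a server the app calls, not in the bundle; a key that has already shipped should be rotated.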