Title: Unveiling App Vulnerabilities: 70% of Apple App Store Apps Leave User Secrets Exposed

Title: Unveiling App Vulnerabilities: 70% of Apple App Store Apps Leave User Secrets Exposed

Join me as I delve into the shocking truth about Apple security and the vulnerability of iOS apps, where secrets are being leaked at an alarming rate - and what it means for your iPhone's privacy and security.

• 1. An researcher from Cybernews had his iPhone hacked by a colleague to demonstrate Apple security vulnerabilities.
• 2. The investigation found that 70% of apps on the Apple App Store, or around 1.2 million, potentially leave sensitive user data exposed.
• 3. This was discovered during a large-scale research project where a team at Cybernews investigated the App Store for secrets, such as passwords and API keys, left exposed in apps.
• 4. The investigation found that iOS apps are distributed as ZIP files, making it easy to extract and check text files for sensitive information.
• 5. Accessing this information is not illegal in most countries, as the apps are publicly published.
• 6. Cybernews created their own list of half a million app IDs from the App Store API since there isn't a centralized list available.
• 7. They then downloaded and scanned 150,000 apps for sensitive information, extracting over 815,000 secrets in total.
• 8. Exposed information can be used to steal money, expose private conversations, obtain credit card details, and more.
• 9. The investigation showed that 19 apps leaked Stripe credentials, which could facilitate unauthorized payments.
• 10. Cybernews has notified app developers of the findings but has not reported it as a vulnerability in Apple's services.
• 11. Testing iOS apps for security has become increasingly complicated due to reverse engineering tools and the growth of mobile apps.
• 12. Users can take precautions, such as using open-source apps, checking if chat apps use end-to-end encryption, or ensuring payment apps are backed by reputable banks.
• 13. Additional privacy measures include using password managers, data deletion services, and limiting personal information given to apps.
• 14. Cybernews offers a service called Incogni, which helps users remove their data from data brokers.
• 15. The lower your digital footprint, the less likely you are to be targeted by attackers.
• 16. Apple's app review process includes obtaining a developer license, using Apple hardware for development, and submitting the app for quality assurance testing.
• 17. However, Apple does not perform penetration tests on all apps and relies on developers to self-police their applications.
• 18. App security is a shared responsibility between Apple and developers.
• 19. Cybernews has reached out to Apple about the findings but considers this an issue with app development practices rather than a vulnerability in Apple's services.
• 20. Users should be cautious when downloading random apps, especially those requested by companies, restaurants, or events.
• 21. The researcher conducting the investigation uses an iPhone for testing purposes but disagrees with Apple's control over user functionality.
• 22. The researcher prefers using Mac products but verifies their privacy settings due to limited trust in Apple's complete security measures.
• 23. The large hype around Apple security should not replace individual responsibility in protecting personal data and secrets.
• 24. Subscribing to Cybernews can help fund further investigations into app security and other tech-related topics.

Source: Cybernews via YouTube

❓ What do you think? What are your thoughts on the ideas shared in this video? Feel free to share your thoughts in the comments!