282 iOS AI Apps Leak API Keys and Open AI Proxy Access in Network Traffic Study
A network traffic study of 282 iOS AI applications revealed widespread leakage of API keys and OpenAI proxy access credentials. The apps transmitted these sensitive tokens in plaintext over the network, making them vulnerable to interception. This exposure could allow attackers to use the API keys for unauthorized access to AI services, potentially incurring costs for the app developers or users. The study highlights a critical security oversight in the integration of AI capabilities into mobile apps, where developers often hardcode credentials without proper encryption or secure storage. The findings underscore the need for better security practices in AI app development, such as using environment variables, secure enclaves, or server-side proxy configurations to protect API keys.
Developers must secure API keys in iOS apps to prevent unauthorized AI service usage.
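The server-side proxy approach recommended above, sketched as an added example (not code from the study or from any app it examined): the provider key lives only in the server's environment, and every caller must present a short-lived signed session token, so the proxy itself is not open to anyone who finds its URL. The environment variable names, token format, and quota values are assumptions chosen for illustration.

```python
import hashlib, hmac, os, time

# Assumed names: AI_PROVIDER_KEY / SESSION_SIGNING_KEY are illustrative env vars.
# The fallback strings are constructed placeholders so the example runs offline.
UPSTREAM_KEY = os.environ.get("AI_PROVIDER_KEY", "constructed-placeholder-key")
SIGNING_KEY = os.environ.get("SESSION_SIGNING_KEY", "constructed-signing-key").encode()
QUOTA, WINDOW, MAX_BODY = 3, 60, 16_384   # requests per user per WINDOW seconds; body cap in bytes
_usage = {}                               # user -> (window_start, count)

def _mac(msg):
    return hmac.new(SIGNING_KEY, msg.encode(), hashlib.sha256).hexdigest()

def issue_token(user, ttl=900, now=None):
    """Issued by the backend after the user logs in; format '<user>.<expiry>.<mac>'."""
    exp = int((time.time() if now is None else now) + ttl)
    return f"{user}.{exp}.{_mac(f'{user}.{exp}')}"

def verify_token(token, now=None):
    """Return the user id if the token is authentic and unexpired, else None."""
    now = time.time() if now is None else now
    try:
        user, exp, mac = token.rsplit(".", 2)
        ok = hmac.compare_digest(mac.encode(), _mac(f"{user}.{exp}").encode())
        fresh = int(exp) >= now
    except ValueError:                    # wrong shape, bad expiry, unencodable text
        return None
    return user if ok and fresh else None

def handle(client_headers, body, now=None):
    """Return (status, upstream_headers); upstream headers are built here, never copied."""
    now = time.time() if now is None else now
    auth = client_headers.get("Authorization", "")
    user = verify_token(auth[7:], now) if auth.startswith("Bearer ") else None
    if user is None:
        return 401, None                  # unauthenticated callers never reach the provider
    if len(body) > MAX_BODY:
        return 413, None
    start, count = _usage.get(user, (now, 0))
    if now - start >= WINDOW:
        start, count = now, 0             # new quota window
    if count >= QUOTA:
        return 429, None                  # caps the cost one stolen session can cause
    _usage[user] = (start, count + 1)
    # Only the server attaches the provider key; it is never sent to the app.
    return 200, {"Authorization": f"Bearer {UPSTREAM_KEY}", "Content-Type": "application/json"}
```

The app then ships only a per-user session token that expires and can be rate-limited, instead of a provider key that works for anyone who captures it.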