Shock report claims Android apps have leaked over 730TB of user data and Google secrets - here are some of the worst offenders around


  • Google Cloud services dominate leaked credentials across the Android ecosystem
  • Hundreds of Firebase databases show clear signs of automated compromise
  • Exposed storage buckets leaked hundreds of millions of files

A major security investigation has analyzed 1.8 million Android apps available on the Google Play Store, focusing on those that explicitly claim AI features, and identified worrying security flaws which may be exposing secrets.

From the initial research pool, Cybernews researchers identified 38,630 Android AI apps and examined their internal code for exposed credentials and cloud service references, finding widespread data handling failures that extended far beyond isolated developer mistakes.

Overall, the researchers found nearly three-quarters (72%) of the analyzed Android AI apps contained at least one hardcoded secret embedded directly in application code - and on average, each affected app leaked 5.1 secrets.

Hardcoded secrets remain common across Android AI apps

In total, the researchers identified 197,092 unique secrets across the dataset, showing that insecure coding practices remain widespread despite long-standing warnings.

More than 81% of all detected secrets were tied to Google Cloud infrastructure, including project identifiers, API keys, Firebase databases, and storage buckets.

The researchers detected 26,424 hardcoded Google Cloud endpoints, though roughly two thirds pointed to infrastructure that no longer existed.

Among the remaining endpoints, 8,545 Google Cloud storage buckets still existed and required authentication, while hundreds were misconfigured and left publicly accessible - possibly exposing more than 200 million files, totaling nearly 730TB of user data.

The study also identified 285 Firebase databases with no authentication controls at all, collectively leaking at least 1.1GB of user data.

In 42% of these exposed databases, researchers found tables labeled as proof of concept, indicating prior compromise by attackers.

Other databases contained administrator accounts created with attacker-style email addresses, showing that exploitation was not theoretical but already underway.

Many of these databases remained unsecured even after clear signs of intrusion, suggesting poor monitoring rather than one-time mistakes.

Despite concern around AI features, leaked large language model API keys were relatively rare - only a small number of keys associated with major providers such as OpenAI, Google Gemini, and Claude were detected across the entire dataset.

In typical configurations, these leaked keys would allow attackers to submit new requests but would not provide access to stored conversations, historical prompts, or previous responses.

Some of the most severe exposures involved live payment infrastructure, including leaked Stripe secret keys capable of granting full control over payment systems.

Other leaked credentials enabled access to communication, analytics, and customer data platforms, allowing impersonation of apps or unauthorized data extraction.

These failures cannot be mitigated by basic tools like a firewall or malware removal tools after exposure has occurred.

The scale of exposed data and the number of already compromised apps suggest that app store screening alone has not reduced systemic risk.
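
A release-gate check a developer could run against their own build for the secret types the report lists (Google API keys, Firebase database URLs, storage buckets, Stripe secret keys). This is an added example, not code from Cybernews or this article; the regular expressions, the function names, and the sample archive are assumptions constructed for illustration.

```python
import io
import re
import zipfile
from typing import NamedTuple
# Commonly used approximations of each format (assumptions, not patterns
# published in the report); tune them before relying on the results.
PATTERNS = {
    "google_api_key": re.compile(rb"AIza[0-9A-Za-z_\-]{35}"),
    "firebase_db_url": re.compile(rb"https://[a-z0-9\-]+\.firebaseio\.com"),
    "gcs_bucket": re.compile(rb"[a-z0-9][a-z0-9.\-]{1,61}\.appspot\.com"),
    "stripe_secret_key": re.compile(rb"sk_live_[0-9A-Za-z]{24,}"),
}

class Finding(NamedTuple):
    kind: str
    member: str  # file inside the archive
    value: str   # keys are redacted so reports never carry the full secret

def redact(raw: bytes) -> str:
    text = raw.decode("ascii", "replace")
    return f"{text[:8]}...({len(text)} chars)"

def scan_archive(data: bytes) -> list[Finding]:
    """Scan every member of an APK (a ZIP archive) for hardcoded secrets."""
    found = set()
    with zipfile.ZipFile(io.BytesIO(data)) as apk:
        for info in apk.infolist():
            blob = apk.read(info)
            for kind, pattern in PATTERNS.items():
                for m in pattern.finditer(blob):
                    raw = m.group()
                    shown = redact(raw) if kind.endswith("_key") else raw.decode()
                    found.add(Finding(kind, info.filename, shown))
    return sorted(found)

def build_sample_apk() -> bytes:
    """Constructed sample: a tiny ZIP standing in for a release build."""
    fake_google = "AIza" + "X" * 35       # constructed, not a real key
    fake_stripe = "sk_live_" + "0" * 24   # constructed, not a real key
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("classes.dex", f"\x00key={fake_google}\x00{fake_stripe}\x00")
        z.writestr("res/raw/config.json", '{"db": "https://demo-app-1234.firebaseio.com",'
                   ' "bucket": "demo-app-1234.appspot.com"}')
        z.writestr("assets/readme.txt", "no secrets here")
    return buf.getvalue()
if __name__ == "__main__":
    for f in scan_archive(build_sample_apk()):
        print(f.kind, f.member, f.value)
```

Byte-level matching misses strings stored as UTF-16 or obfuscated at build time, so a clean result is a lower bound, and any key that does turn up should be rotated rather than just removed from the next build.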



Efosa Udinmwen
Freelance Journalist

Efosa has been writing about technology for over 7 years, initially driven by curiosity but now fueled by a strong passion for the field. He holds both a Master's and a PhD in sciences, which provided him with a solid foundation in analytical thinking.
