Business Honor
18 April, 2025
Critical security flaw puts millions at risk amid rising mobile app vulnerabilities worldwide.
A recent study by CloudSEK has raised serious doubts about the security of mobile apps: it found that 92 of the most widely used Android and iOS apps contain hardcoded Amazon Web Services (AWS) credentials. The practice can put millions of users' personal data in jeopardy through irresponsible development.
CloudSEK's analysis concluded that these apps, with more than 100 million downloads, span e-commerce, fintech, health, and educational services. AWS credentials hardcoded inside application code can give attackers unrestricted access to servers, storage, and user information if they are not properly secured. In some instances, the tokens granted complete admin-level access to back-end infrastructure.
More troubling still, the developers and companies behind these apps appear to have no awareness of the problem or sense of urgency about it. The researchers said that most of the tokens have been in use for a long time, which suggests developers do not know of the vulnerability or its severity.
The finding points to a broader cybersecurity threat, especially for organizations that implement BYOD (Bring Your Own Device) policies. When employees use personal devices that carry these vulnerable apps, the risk of a data breach spilling over into business networks increases.
Experts recommend that organizations impose more rigorous security screening on mobile apps, whether they are business apps or apps installed on user-owned devices connected to company networks. App developers, for their part, should follow safe coding practices and avoid embedding sensitive credentials in source code.
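One form the screening recommended above can take, as an added example (not CloudSEK's tooling and not code from the article): a pre-release check that scans a team's own APK or IPA build for AWS access key IDs. The function names and the constructed sample archive are assumptions; the sample key is the example value from AWS's documentation.

```python
import io
import re
import zipfile

# AWS access key IDs are 20 characters; AKIA marks a long-term IAM user key,
# ASIA a temporary STS key.
KEY_ID = re.compile(rb"(?<![A-Z0-9])(AKIA|ASIA)[A-Z0-9]{16}(?![A-Z0-9])")
# A secret access key is 40 base64-alphabet characters; only meaningful near a key ID.
SECRET = re.compile(rb"(?<![A-Za-z0-9/+=])[A-Za-z0-9/+]{40}(?![A-Za-z0-9/+=])")
KIND = {b"AKIA": "long-term", b"ASIA": "temporary"}


def scan_bytes(name, data, window=200):
    """Return (entry, redacted key ID, key kind, secret-nearby flag) tuples."""
    findings = []
    for m in KEY_ID.finditer(data):
        nearby = data[max(0, m.start() - window):m.end() + window]
        key = m.group().decode("ascii")
        # Redact so the scan report does not itself leak the credential.
        redacted = key[:4] + "..." + key[-4:]
        findings.append((name, redacted, KIND[m.group(1)], bool(SECRET.search(nearby))))
    return findings


def scan_archive(archive):
    """Scan every entry of an APK/IPA (both are ZIP archives); takes a path or file object."""
    findings = []
    with zipfile.ZipFile(archive) as z:
        for info in z.infolist():
            if not info.is_dir():
                findings.extend(scan_bytes(info.filename, z.read(info)))
    return findings


def build_sample_archive():
    """Constructed sample: a tiny ZIP laid out like an APK, using AWS's documented example key."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("res/values/strings.xml",
                   '<string name="aws_key">AKIAIOSFODNN7EXAMPLE</string>\n'
                   '<string name="aws_secret">wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY</string>')
        z.writestr("assets/config.json", '{"region": "us-east-1"}')
        z.writestr("classes.dex", b"dex\n035\x00" + b"\x14ASIAABCDEFGHIJKLMNOP\x00")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for finding in scan_archive(build_sample_archive()):
        print(finding)  # a release pipeline would fail the build if any finding exists
```

Any finding should block the release and trigger rotation of the key, since a key that has shipped in a build must be treated as disclosed.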
CloudSEK has notified the affected developers so that they can replace the exposed credentials and adopt more secure means of backend communication. With cyber attacks increasing across the globe, the case shows that mobile app security needs to be treated as a priority.