Researchers find hundreds of iOS apps leaking AI credentials

Researchers from Wake Forest University found that 282 of 444 iOS apps with large language model features leaked AI credentials or exposed backend access mechanisms, with only 28% fixing the issues after a 90-day disclosure period. The study, published on arXiv, identified three leakage patterns: plaintext API keys, misconfigured JWT tokens, and unauthenticated backend proxies, affecting apps across 13 categories.

Researchers from Wake Forest University analyzed 444 iOS applications with LLM features and found 282 (64%) that exposed exploitable credentials or backend access mechanisms, according to a paper published on arXiv (2606.12212). The team built a framework called LLMKeyLens to intercept app traffic and identify provider-specific API keys, JWT tokens, and unauthenticated backend endpoints for services including OpenAI, Google Gemini, Anthropic, and DeepSeek. Of the 282 vulnerable apps, 146 were classified as fully exploitable. After responsible disclosure and a 90-day waiting period, only 78 apps (28%) had remediated the issues, per the paper.

Research and findings

Researchers built a framework called LLMKeyLens to analyze how iPhone applications integrate with large language model services including OpenAI, Google Gemini, Anthropic, and DeepSeek, per a paper published on arXiv (2606.12212). Starting from more than 5,600 AI-related apps collected from the US App Store, the team assembled a final dataset of 444 iOS applications with confirmed LLM-powered features after filtering out inaccessible or non-functional apps.

Scale of exposure

Of the 444 applications analyzed, 282 apps (64%) exposed LLM-related credentials or backend access mechanisms; 146 of those were classified as fully exploitable. The vulnerable applications spanned 13 categories including productivity, entertainment, lifestyle, education, utilities, and health and fitness. Some affected apps carried user ratings in the millions, per the paper.

Three leakage patterns

The researchers identified three primary patterns.

The first and most severe involved apps embedding plaintext API keys directly in outbound requests to AI providers, enabling immediate credential theft via traffic interception; some of these apps also exposed proprietary system prompts alongside the keys.

The second pattern involved improperly configured JWT bearer tokens: developers moved API keys to backend servers and issued tokens to clients, but the tokens could be intercepted and replayed to access AI services through the backend proxy.

The third pattern involved unauthenticated backend proxies: 92 apps correctly hid their API keys server-side but required no authentication before processing requests, turning the backend into an open AI relay for anyone who knew the endpoint URL.

Disclosure and remediation

Following responsible disclosure, the team notified developers of all 282 vulnerable apps and retested after a 90-day window. Only 78 apps (28%) fixed the reported issues. In several cases tokens remained valid for months because of missing expiration controls; one JWT was issued with a validity period exceeding 100 years, per the paper.

Practitioner recommendations

The researchers recommend that developers enforce proper authentication and authorization on backend services, noting that hiding the API key server-side is insufficient without access control. They also suggest that AI providers publish clearer reference implementations for secure integrations, and that Apple incorporate automated credential-leak detection into App Store review to catch insecure AI integrations before apps reach users.
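The second and third patterns, and the recommendation that follows from them, come down to what a backend proxy checks before it forwards a request to the AI provider. The following is an added example, not code from the paper or from LLMKeyLens: a stdlib-only gate for such a proxy that refuses requests without a bearer token, verifies the token's HMAC signature, requires it to be bound to a user, and rejects tokens with no expiration or with a lifetime beyond a configured bound. The secret, the one-hour bound and the helper names (sign_claims, issue_token, authorize) are assumptions made for this example.

```python
import base64, hashlib, hmac, json, time
from typing import Optional, Tuple

SECRET = b"example-server-secret"  # constructed for this example; load from a secret store, never ship in the app
MAX_TTL = 3600  # longest client-token lifetime the proxy accepts (1 hour)

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def sign_claims(claims: dict) -> str:
    """Produce an HS256 JWT over the given claims (hypothetical helper, stdlib only)."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url(json.dumps(claims).encode())
    sig = hmac.new(SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"

def issue_token(user_id: str, ttl: int, now: Optional[int] = None) -> str:
    """Mint a token for a signed-in user with a bounded lifetime (iat and exp both set)."""
    now = int(time.time()) if now is None else now
    return sign_claims({"sub": user_id, "iat": now, "exp": now + ttl})

def authorize(auth_header: Optional[str], now: Optional[int] = None) -> Tuple[bool, str]:
    """Gate in front of the LLM relay: returns (allowed, user id or rejection reason)."""
    now = int(time.time()) if now is None else now
    if not auth_header or not auth_header.startswith("Bearer "):
        return False, "missing bearer token"  # an open relay (pattern 3) skips this check
    parts = auth_header[len("Bearer "):].split(".")
    if len(parts) != 3:
        return False, "malformed token"
    header, payload, sig = parts
    expected = hmac.new(SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    try:
        if not hmac.compare_digest(expected, _b64url_decode(sig)):
            return False, "bad signature"
        claims = json.loads(_b64url_decode(payload))  # parsed only after the signature holds
    except ValueError:
        return False, "malformed token"
    if not isinstance(claims, dict) or "sub" not in claims:
        return False, "token not bound to a user"
    if "exp" not in claims or "iat" not in claims:
        return False, "missing expiration controls"  # open-ended tokens stay valid for months
    if claims["exp"] - claims["iat"] > MAX_TTL:
        return False, "token lifetime too long"  # rejects a 100-year validity period
    if now >= claims["exp"]:
        return False, "token expired"
    return True, claims["sub"]
```

A short lifetime bounds how long an intercepted token can be replayed; binding the token to a user is what makes per-user rate limits and revocation possible on the relay.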
Scoring Rationale

The paper delivers concrete, at-scale empirical findings: 282 of 444 tested apps (64%) exposed LLM credentials, 146 were fully exploitable, and only 28% were fixed after disclosure. This is actionable for developers integrating AI APIs into mobile apps and surfaces a systemic, quantified security gap in the iOS AI ecosystem. Scope is specific to iOS and to app-level credential handling rather than a platform-level vulnerability, placing it in the notable tier.