Apple often promotes the App Store as a secure place to download apps. The company highlights strict reviews and a closed system as key protections for iPhone users. That reputation now faces serious questions.

New research shows that thousands of iOS apps approved by Apple contain hidden security flaws. These flaws can expose user data, cloud storage and even payment systems. 

The issue is not malware; it’s poor security practices baked directly into the app code.

Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM newsletter.

APPLE WARNS MILLIONS OF IPHONES ARE EXPOSED TO ATTACK

What researchers discovered inside iOS apps

Security researchers at Cybernews, a cybersecurity research firm, analyzed the code of more than 156,000 iPhone apps. That represents about 8% of all apps available worldwide.

Here is what they found:

• Over 815,000 hidden secrets inside app code
• An average of five secrets per app
• 71% of apps leaked at least one secret

These secrets include passwords, API keys and access tokens. Developers place them directly inside apps, where anyone can extract them. According to Cybernews researcher Aras Nazarovas, this makes attackers’ jobs much easier than most users realize.

What are hardcoded secrets in simple terms?

A hardcoded secret is sensitive information saved directly inside an app instead of being protected on a secure server. Think of it like writing your bank PIN on the back of your debit card. Once someone downloads the app, they can inspect its files and pull out those secrets. Attackers do not need special access or advanced hacking tools. Both the Cybersecurity and Infrastructure Security Agency and the Federal Bureau of Investigation warn developers not to do this. Yet it is happening at a massive scale.

Cloud storage leaks exposed huge amounts of data

One of the most serious problems involves cloud storage. More than 78,000 iOS apps contained direct links to cloud storage buckets. These buckets store files such as photos, documents, receipts and backups. In some cases, no password was required at all. Researchers found:

• 836 storage buckets are fully open to the public
• Over 76 billion exposed files
• More than 406 terabytes of leaked data

This data included user uploads, registration details, app logs and private records. Anyone who knew where to look could view or download it.

APPLE PATCHES TWO ZERO-DAY FLAWS USED IN TARGETED ATTACKS

Firebase databases were also left open

Many iOS apps rely on Google Firebase to store user data. Cybernews found more than 51,000 Firebase database links hidden in app code. While some were protected, over 2,200 had no authentication. That exposed:

• Nearly 20 million user records
• Messages, profiles, and activity logs
• Databases that are mostly hosted in the U.S.

If a Firebase database is not locked down, attackers can browse user data like a public website.

Payment and login systems were at risk too

Some of the leaked secrets were far more dangerous than analytics or ads. Researchers discovered secret keys for:

• Stripe, which handles payments and refunds
• JWT authentication systems that control logins
• Order management tools used by shopping apps

A leaked Stripe secret key can allow attackers to issue refunds, move money or access billing details. Leaked login keys can let attackers impersonate users or take over accounts.

AI and social apps were among the worst offenders

Some of the apps with the largest leaks were related to artificial intelligence. According to VX Underground, security firm CovertLabs identified 198 iOS apps leaking user data. The worst known case was Chat & Ask AI by Codeway. Researchers say it exposed chat histories, phone numbers and email addresses tied to millions of users. Another app, YPT – Study Group, reportedly leaked messages, user IDs and access tokens. CovertLabs tracks these incidents in a restricted repository called Firehound. The full list of affected apps has not been publicly released, and researchers say the data is limited to prevent further exposure and to give developers time to fix security flaws.

MALICIOUS GOOGLE CHROME EXTENSIONS HIJACK ACCOUNTS

Why Apple’s App review can miss hidden security risks

Apple reviews apps before they appear in the App Store. However, the review process does not scan app code for hidden secrets. If an app behaves normally during testing, it can pass review even if sensitive keys are buried inside its files. This creates a gap between Apple’s security claims and real-world risks. Removing leaked secrets is not simple for developers. They must revoke old keys, create new ones and rebuild parts of their apps. That can break features and delay updates. Even though Apple says most app updates are reviewed within 24 hours, some updates take weeks. During that time, vulnerable apps can remain available.

CyberGuy contacted Apple for comment, but did not receive a response before publication.

Ways to stay safe right now

You cannot easily inspect an app for hidden secrets. Apple does not provide tools for that. Still, you can reduce your risk and limit exposure by being selective and cautious. These steps help reduce the risk if an app leaks data behind the scenes.

1) Stick to established app developers

Well-known developers tend to have stronger security teams and better update practices. Smaller or unknown apps may rush features to market and overlook security basics. Before downloading, check how long the developer has been active and how often the app is updated.

2) Review and limit app permissions

Many apps ask for more access than they need. Location, contacts, photos and microphone access all increase the risk of data leaks. Go into your iPhone settings and remove permissions that are not essential for the app to work.

3) Delete apps you no longer use

Unused apps still retain access to data you shared in the past. They may also store information on remote servers long after you stop opening them. If you have not used an app in months, remove it. Here’s how: Open Settings, tap General, select iPhone Storage, and scroll through the list of apps to see when each one was last used. Tap any app you no longer need and select Delete App to remove it and reduce ongoing data exposure.

4) Be cautious with personal and financial details

Avoid entering sensitive information unless it is absolutely necessary. This includes full names, addresses, payment details and private conversations. AI apps are especially risky if you share deeply personal content.

5) Use a password manager for every account

A password manager creates strong, unique passwords for each app and service. This prevents attackers from accessing multiple accounts if one app leaks data. Never reuse passwords tied to your email address.

Next, see if your email has been exposed in past breaches. Our No. 1 password manager pick includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials.

Check out the best expert-reviewed password managers of 2026 at Cyberguy.com.

6) Change passwords tied to exposed apps

If an app uses your email address for login, change that password immediately. Do this even if there is no confirmation of a breach. Attackers often test leaked credentials across other services.

7) Consider using a data removal service

Some leaked data ends up with data brokers that sell personal information online. A data removal service can help find and remove your details from these databases. This reduces the chance that exposed app data gets reused for scams or identity theft.

While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.

Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com.

Get a free scan to find out if your personal information is already out on the web: Cyberguy.com.

8) Monitor your accounts for unusual activity

Watch for unexpected emails, password reset notices, login alerts, or payment confirmations. These can signal that leaked data is already being abused. Act quickly if something looks off.

9) Pause use of risky AI and chat apps

If you use AI apps for private conversations, consider stopping until the developer confirms security fixes. Once data is exposed, it cannot be pulled back. Avoid sharing sensitive details with apps that store conversations remotely.

Kurt’s key takeaways

Apple’s App Store still offers important protections, but this research shows it is not foolproof. Many trusted iPhone apps quietly expose data due to basic security mistakes. Until app reviews improve, you need to stay alert and limit how much data you share.

How many apps on your iPhone have access to information you would not want exposed? Let us know by writing to us at Cyberguy.com.

CLICK HERE TO DOWNLOAD THE FOX NEWS APP

Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM newsletter. 

Copyright 2026 CyberGuy.com. All rights reserved.

Apple says the iPhone had its “best-ever” quarter, with revenue hitting more than $85.3 billion over the past few months. The company announced the news as part of its Q1 2026 earnings report, which also revealed record-breaking revenue of $143.8 billion, up 16 percent when compared to the same time last year.

“iPhone had its best-ever quarter driven by unprecedented demand, with all-time records across every geographic segment, and Services also achieved an all-time revenue record, up 14 percent from a year ago,” Apple CEO Tim Cook says in the press release.

Apple’s services revenue, which includes subscriptions like Apple Music, iCloud, and Apple TV surged 14 percent year over year, while Mac and wearable revenue were down.

In the coming months, Apple will bring promised AI-powered personalization features to Siri. Apple is partnering with Google to power this upgrade, which will use a custom version of Google’s Gemini AI model.

The company is also acquiring an AI startup, called Q.ai, for $2 billion, according to the Financial Times. Though there aren’t any details on how Apple plans to use the startup’s technology, the Financial Times reports that Q.ai’s patents “show its technology being used in headphones or glasses, using ‘facial skin micro movements’ to communicate without talking.”

What happens when artificial intelligence (AI) moves from painting portraits to designing homes? That question is no longer theoretical. 

At the Utzon Center in Denmark, Ai-Da Robot, the world’s first ultra-realistic robot artist, has made history as the first humanoid robot to design a building.

The project, called Ai-Da: Space Pod, is a modular housing concept created for future bases on the Moon and Mars. CyberGuy has covered Ai-Da before, when her work focused on drawing, painting and performance art. That earlier coverage showed how a robot could create original artwork in real time and why it sparked global debate.

Now, the shift is clear. Ai-Da is moving beyond art and into physical spaces designed for humans and robots to live in.

Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.com newsletter.

3D-PRINTED HOUSING PROJECT FOR STUDENT APARTMENTS TAKES SHAPE

Inside the ‘I’m not a robot’ exhibition

The exhibition “I’m not a robot” has just opened at Utzon Center and runs through October. It explores the creative capacity of machines at a time when robots are increasingly able to think and create for themselves. Visitors can experience Ai-Da’s drawings, paintings and architectural concepts. Throughout the exhibition period, visitors can also follow Ai-Da’s creative process through sketches, paintings and a video interview.

ELON MUSK TEASES A FUTURE RUN BY ROBOTS

How Ai-Da creates art and architecture

Ai-Da is not a digital avatar or animation. She has camera eyes, specially developed AI algorithms and a robotic arm that allows her to draw and paint in real time. Developed in Oxford and built in Cornwall in 2019, Ai-Da works across disciplines. She is a painter, sculptor, poet, performer and now an architectural designer whose work is meant to provoke reflection.

“Ai-Da presents a concept for a shared residential area called Ai-Da: Space Pod, a foreshadowing of a future where AI becomes an integrated part of architecture,” explains Aidan Meller, creator of Ai-Da and Director of Ai-Da Robot. “With intelligent systems, a building will be able to sense and respond to its occupants, adjusting light, temperature and digital interfaces according to needs and moods.”

A building designed for humans and robots

The Space Pod is intentionally modular. Each unit can connect to others through corridors, creating a shared residential environment.

Through a series of paintings, she envisions a home and studio for humans or robots alike. According to the Ai-Da Robot team, these designs could evolve into fully realized architectural models through 3D renderings and construction. They could also adapt to planned Moon or Mars base camps.

While the concept targets future bases on the Moon and Mars, the design can also be built as a prototype on Earth. That detail matters as space agencies prepare for longer missions beyond our planet.

“With our first crewed Moon landing in 50 years coming in 2027, Ai-Da: Space Pod is a simple unit connected to other Pods via corridors,” Meller said. “Ai-Da is a humanoid designing homes. This raises questions about where architecture may go when powerful AI systems gain greater agency.” The timing also aligns with renewed lunar exploration tied to NASA missions.

AUSTRALIAN CONSTRUCTION ROBOT CHARLOTTE CAN 3D PRINT 2,150-SQ-FT HOME IN ONE DAY USING SUSTAINABLE MATERIALS

Why this exhibition is meant to challenge you

According to Meller, the exhibition is meant to feel uncomfortable at times. “Technology is developing at an extraordinary pace in these years,“ he said, pointing to emotional recognition through biometric data, CRISPR gene editing and brain computer interfaces. Each carries promise and ethical risk. He references Brave New World and warnings from Yuval Harari about how powerful technologies may be used. 

In that context, Ai-Da becomes a mirror of our time. “Ai-Da is confrontational. The very fact that she exists is confrontational,” said Line Nørskov Davenport, Director of Exhibitions at Utzon Center. “She is an AI shaker, a conversation starter.”

What this means for you

This story goes beyond robots and space travel. Ai-Da’s Space Pod shows how quickly AI is moving from a creative tool to a decision-maker. Architecture, housing and shared spaces shape daily life. When AI enters those fields, questions about control, ethics and accountability become unavoidable. If a robot can design homes for the Moon, it may soon influence how buildings function here on Earth.

Take my quiz: How safe is your online security?

Think your devices and data are truly protected? Take this quick quiz to see where your digital habits stand. From passwords to Wi-Fi settings, you’ll get a personalized breakdown of what you’re doing right and what needs improvement. Take my Quiz here: Cyberguy.com.

Kurt’s key takeaways

A humanoid robot designing a building once sounded impossible. Today, Ai-Da’s work sits inside a major cultural institution and sparks real debate. She offers no easy answers. Instead, she pushes us to think more critically about creativity, technology and responsibility. As the line between human and machine continues to blur, those questions matter more than ever.

If AI can design the homes of our future, how much creative control should humans be willing to give up? Let us know by writing to us at Cyberguy.com.

CLICK HERE TO DOWNLOAD THE FOX NEWS APP

Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM newsletter. 

Copyright 2026 CyberGuy.com. All rights reserved.