Technology
Thousands of iPhone apps expose data inside Apple App Store
NEWYou can now listen to Fox News articles!
Apple often promotes the App Store as a secure place to download apps. The company highlights strict reviews and a closed system as key protections for iPhone users. That reputation now faces serious questions.
New research shows that thousands of iOS apps approved by Apple contain hidden security flaws. These flaws can expose user data, cloud storage and even payment systems.
The issue is not malware; it’s poor security practices baked directly into the app code.
Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM newsletter.
APPLE WARNS MILLIONS OF IPHONES ARE EXPOSED TO ATTACK
Cybernews researchers found that many iOS apps store sensitive secrets directly inside app files, where they can be easily extracted. (Kurt “CyberGuy” Knutsson)
What researchers discovered inside iOS apps
Security researchers at Cybernews, a cybersecurity research firm, analyzed the code of more than 156,000 iPhone apps. That represents about 8% of all apps available worldwide.
Here is what they found:
- Over 815,000 hidden secrets inside app code
- An average of five secrets per app
- 71% of apps leaked at least one secret
These secrets include passwords, API keys and access tokens. Developers place them directly inside apps, where anyone can extract them. According to Cybernews researcher Aras Nazarovas, this makes attackers’ jobs much easier than most users realize.
What are hardcoded secrets in simple terms?
A hardcoded secret is sensitive information saved directly inside an app instead of being protected on a secure server. Think of it like writing your bank PIN on the back of your debit card. Once someone downloads the app, they can inspect its files and pull out those secrets. Attackers do not need special access or advanced hacking tools. Both the Cybersecurity and Infrastructure Security Agency and the Federal Bureau of Investigation warn developers not to do this. Yet it is happening at a massive scale.
Cloud storage leaks exposed huge amounts of data
One of the most serious problems involves cloud storage. More than 78,000 iOS apps contained direct links to cloud storage buckets. These buckets store files such as photos, documents, receipts and backups. In some cases, no password was required at all. Researchers found:
- 836 storage buckets are fully open to the public
- Over 76 billion exposed files
- More than 406 terabytes of leaked data
This data included user uploads, registration details, app logs and private records. Anyone who knew where to look could view or download it.
APPLE PATCHES TWO ZERO-DAY FLAWS USED IN TARGETED ATTACKS
This chart shows the most common types of hardcoded secrets found inside iOS apps, with Google-related keys appearing most often, according to Cybernews research. (Cybernews)
Firebase databases were also left open
Many iOS apps rely on Google Firebase to store user data. Cybernews found more than 51,000 Firebase database links hidden in app code. While some were protected, over 2,200 had no authentication. That exposed:
- Nearly 20 million user records
- Messages, profiles, and activity logs
- Databases that are mostly hosted in the U.S.
If a Firebase database is not locked down, attackers can browse user data like a public website.
Payment and login systems were at risk too
Some of the leaked secrets were far more dangerous than analytics or ads. Researchers discovered secret keys for:
- Stripe, which handles payments and refunds
- JWT authentication systems that control logins
- Order management tools used by shopping apps
A leaked Stripe secret key can allow attackers to issue refunds, move money or access billing details. Leaked login keys can let attackers impersonate users or take over accounts.
AI and social apps were among the worst offenders
Some of the apps with the largest leaks were related to artificial intelligence. According to VX Underground, security firm CovertLabs identified 198 iOS apps leaking user data. The worst known case was Chat & Ask AI by Codeway. Researchers say it exposed chat histories, phone numbers and email addresses tied to millions of users. Another app, YPT – Study Group, reportedly leaked messages, user IDs and access tokens. CovertLabs tracks these incidents in a restricted repository called Firehound. The full list of affected apps has not been publicly released, and researchers say the data is limited to prevent further exposure and to give developers time to fix security flaws.
MALICIOUS GOOGLE CHROME EXTENSIONS HIJACK ACCOUNTS
This example shows how sensitive keys like Google API credentials and Stripe payment secrets can be stored directly inside an iOS app’s files, where they are easy to extract. (Cybernews)
Why Apple’s App review can miss hidden security risks
Apple reviews apps before they appear in the App Store. However, the review process does not scan app code for hidden secrets. If an app behaves normally during testing, it can pass review even if sensitive keys are buried inside its files. This creates a gap between Apple’s security claims and real-world risks. Removing leaked secrets is not simple for developers. They must revoke old keys, create new ones and rebuild parts of their apps. That can break features and delay updates. Even though Apple says most app updates are reviewed within 24 hours, some updates take weeks. During that time, vulnerable apps can remain available.
CyberGuy contacted Apple for comment, but did not receive a response before publication.
Ways to stay safe right now
You cannot easily inspect an app for hidden secrets. Apple does not provide tools for that. Still, you can reduce your risk and limit exposure by being selective and cautious. These steps help reduce the risk if an app leaks data behind the scenes.
1) Stick to established app developers
Well-known developers tend to have stronger security teams and better update practices. Smaller or unknown apps may rush features to market and overlook security basics. Before downloading, check how long the developer has been active and how often the app is updated.
2) Review and limit app permissions
Many apps ask for more access than they need. Location, contacts, photos and microphone access all increase the risk of data leaks. Go into your iPhone settings and remove permissions that are not essential for the app to work.
3) Delete apps you no longer use
Unused apps still retain access to data you shared in the past. They may also store information on remote servers long after you stop opening them. If you have not used an app in months, remove it. Here’s how: Open Settings, tap General, select iPhone Storage, and scroll through the list of apps to see when each one was last used. Tap any app you no longer need and select Delete App to remove it and reduce ongoing data exposure.
4) Be cautious with personal and financial details
Avoid entering sensitive information unless it is absolutely necessary. This includes full names, addresses, payment details and private conversations. AI apps are especially risky if you share deeply personal content.
5) Use a password manager for every account
A password manager creates strong, unique passwords for each app and service. This prevents attackers from accessing multiple accounts if one app leaks data. Never reuse passwords tied to your email address.
Next, see if your email has been exposed in past breaches. Our No. 1 password manager pick includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials.
Check out the best expert-reviewed password managers of 2026 at Cyberguy.com.
6) Change passwords tied to exposed apps
If an app uses your email address for login, change that password immediately. Do this even if there is no confirmation of a breach. Attackers often test leaked credentials across other services.
7) Consider using a data removal service
Some leaked data ends up with data brokers that sell personal information online. A data removal service can help find and remove your details from these databases. This reduces the chance that exposed app data gets reused for scams or identity theft.
While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.
Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com.
Get a free scan to find out if your personal information is already out on the web: Cyberguy.com.
8) Monitor your accounts for unusual activity
Watch for unexpected emails, password reset notices, login alerts, or payment confirmations. These can signal that leaked data is already being abused. Act quickly if something looks off.
9) Pause use of risky AI and chat apps
If you use AI apps for private conversations, consider stopping until the developer confirms security fixes. Once data is exposed, it cannot be pulled back. Avoid sharing sensitive details with apps that store conversations remotely.
Kurt’s key takeaways
Apple’s App Store still offers important protections, but this research shows it is not foolproof. Many trusted iPhone apps quietly expose data due to basic security mistakes. Until app reviews improve, you need to stay alert and limit how much data you share.
How many apps on your iPhone have access to information you would not want exposed? Let us know by writing to us at Cyberguy.com.
CLICK HERE TO DOWNLOAD THE FOX NEWS APP
Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM newsletter.
Copyright 2026 CyberGuy.com. All rights reserved.
Technology
Meta is reportedly working on smart glasses that would be recording all the time
Meta might be the next company to make an always-on AI wearable. The company is working on prototype “super sensing” always-aware smart glasses that could continuously record audio and snap photos “every few seconds,” according to the Financial Times. The wearer could then ask Meta AI about the captured audio and images.
However, the images and audio might not be directly available to the user. Here’s how the FT describes one way the glasses could use the data:
In one proposed system, raw footage and audio would not be stored by Meta or made available to the user, several people said. Instead, the metadata from that audio and images would be extracted and uploaded to the server for Meta’s AI to query, which proponents argue would have fewer privacy implications.
But currently, Meta is planning for the LED recording indicator to remain off in “super sensing” mode, the FT reports. In a July 2025 whitepaper, the company said that it would reserve the LED indicator for “active capture” scenarios where the user is saving photos or videos, and leave it off during “AI Feature” use — such as scanning a menu — to avoid users becoming too used to the indicator. (If the indicator was on during the “super sensing” mode, it might also be harder to know when the glasses are actually recording video.)
Meta is also discussing if it would use the captured data for training its AI models. It may also bring the “super sensing” features to glasses it has already released, the FT says.
“While we don’t comment on internal prototypes, we’re committed to getting our glasses right because they need to be loved by both people wearing them and those around them,” Meta spokesperson Dave Arnold says in a statement to The Verge. Arnold also notes that “Our approach has been to develop new technologies that will help people throughout their day, with privacy built in from the ground up.”
Meta hasn’t been shy about some type of always-aware glasses being a possibility. CEO Mark Zuckerberg, in the company’s Q1 2026 earnings call, said that he was “really excited to see the glasses evolve from being able to answer questions to being able to be a personal agent that’s with you all day long, helping you remember things and achieve your goals.” In a March blog post about new Ray-Ban Meta glasses, the company wrote that “with ongoing software updates, Meta AI on glasses will transition from something you have to prompt with a question each time, to a more continuous, in-the-moment assistant that can help throughout the day.”
Technology
Get a $30 credit when you reserve Samsung’s upcoming Galaxy phones
Even though they haven’t been officially announced yet, Samsung is giving you a chance to save some cash when you preorder what we’re expecting to be the brand’s updated Galaxy Z Fold phones. The next Galaxy Unpacked event will take place on July 22nd, 2026, and features the tagline “A new shape unfolds.” In addition to seeing updated versions of the existing Flip and Fold form factors, we anticipate the debut of a new, wider foldable phone. If you register your interest ahead of time and end up preordering one of the new phones shortly after they’re announced, Samsung will give you a $30 store credit at checkout.
There are some caveats to this offer. You have to use the credit when you preorder the phone. No saving it for later. Also, the credit can’t be applied to the cost of the phone either, so you’ll have to put it towards the cost of accessories or extra services. Samsung specifically calls out that select Galaxy rings, earbuds, watches, and tablets are eligible, or you can use it to help pay for Samsung Care Plus.
There are no downsides to registering your interest, so if you think you might be interested in buying one of the upcoming phones, it’s worth filling out the form. As long as you use the same email during checkout, the credit will be automatically applied.
Technology
Apple AI security update proves hackers move fast
Anthropic’s new AI model raises alarms over safety, cybersecurity concerns
Matt Shumer, co-founder and CEO of OthersideAI, details Anthropic’s new AI model, Mythos, on ‘The Sunday Briefing’. The model’s “emergent capabilities” to find software vulnerabilities autonomously raised alarms, prompting Anthropic to restrict public access. Shumer explains the proactive move of granting major companies and the US government early access to Mythos for cyber defense, anticipating future threats to critical infrastructure and national security.
NEWYou can now listen to Fox News articles!
A security update rarely feels dramatic. You see the alert, promise yourself you will install it later and then go right back to whatever you were doing. This time, Apple is giving you a stronger reason to pay attention.
Apple released iOS 26.5.2, iPadOS 26.5.2 and macOS Tahoe 26.5.2 on June 29, 2026. The updates include security fixes for vulnerabilities tied to the kernel, WebKit and WebRTC. Apple says these fixes were first made available through the iOS 26.6, iPadOS 26.6 and macOS Tahoe 26.6 betas before being pushed out early to everyone.
That is the part that should make you pause. Apple usually rolls many security fixes into larger software updates. This time, the company moved faster.
AI IS NOW POWERING CYBERATTACKS, MICROSOFT WARNS
Apple pushed out security fixes early because AI can help hackers study software flaws faster. (Nikolas Kokovlis/NurPhoto via Getty Images)
Sign up for my FREE CyberGuy Report
- Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox.
- For simple, real-world ways to spot scams early and stay protected, visit CyberGuy.com – trusted by millions who watch CyberGuy on TV daily.
- Plus, you’ll get instant access to my Ultimate Scam Survival Guide free when you join.
Why Apple released this AI security update early
Apple reportedly accelerated the updates because artificial intelligence can help speed the creation of malicious hacking tools. Once a fix appears in a beta, attackers may be able to study it, reverse-engineer the weakness and move faster than before.
Apple said there was no evidence that the newly patched vulnerabilities had been exploited. Still, the company wanted to shrink the time between when fixes were first visible and when they reached your devices.
That is a major shift. It suggests Apple sees AI as a force that changes the timing of security. A flaw that once gave defenders more breathing room may now become a race.
What Apple fixed in iOS 26.5.2
Apple’s iOS 26.5.2 and iPadOS 26.5.2 notes list fixes for iPhone 11 and later, along with several supported iPad models. The security content includes kernel vulnerabilities that could let an app crash the system, corrupt kernel memory or leak sensitive kernel state.
The update also fixes multiple WebKit issues. WebKit powers Safari and web content inside many apps. Some of these flaws involved malicious web content that could lead to crashes, memory corruption, data leaks or sandbox escapes.
Apple also fixed WebRTC issues that could be triggered by malicious web content and lead to Safari or process crashes.
For Mac, Apple lists macOS Tahoe 26.5.2 as the current release. If your Mac runs macOS Sonoma or macOS Sequoia, Apple also lists Safari 26.5.2 as a June 29, 2026, security release.
A woman uses a smartphone outside an Apple Store on June 20, 2026, in Shenzhen, Guangdong Province, China. (Cheng Xin/Getty Images)
Why AI hacking tools change the security race
AI can help legitimate researchers find bugs faster. That is good when the work leads to stronger software and responsible disclosure. However, the same general capability can also help bad actors move faster. A criminal does not need to understand every line of code if an AI tool can help summarize a patch, compare software changes or suggest where a weakness may be hiding.
That is why Apple’s move is important. It shows that big tech companies may need to release security fixes sooner and more often, even when those updates do not include flashy new features. The wider AI world adds pressure here. Frontier AI companies have released or tested systems with stronger coding and cybersecurity capabilities. Some models are available only through limited previews, approved access or extra safeguards because of their potential cyber use.
Similar efforts are also emerging outside the United States. Several international AI labs and security companies now promote models designed to find vulnerabilities, analyze code and assist cyber defense. The takeaway for you isn’t that AI is automatically bad. The real point is speed. Security teams, attackers and AI tools are now moving on a shorter clock.
How to update your iPhone or iPad
Before you update, plug in your device and connect to Wi-Fi. You may also want to back up your iPhone or iPad first.
Then do this: Open Settings > General > Software Update > Download and Install.
After the update finishes, go back to Settings > General > Software Update > Automatic Updates. Make sure automatic updates are turned on. Apple also lets your device automatically install system file updates that improve security without changing the full software version. If you do not see the update right away, check again later. Apple releases updates in stages, and your device also needs enough battery and storage.
How to update your Mac
On a Mac, start with a backup. Then click the Apple menu > System Settings > General > Software Update . Choose Update Now if macOS Tahoe 26.5.2 appears.
Next, check your background update settings. On macOS Tahoe 26 or later, go to Apple menu > System Settings > General > Software Update . Click the More Info button next to Automatic Updates and make sure Install system data files and security updates is turned on.
If your Mac runs Sonoma or Sequoia, look for Safari 26.5.2 in Software Update as well. That Safari update may be the protection your Mac needs if you are not on Tahoe.
BEWARE OF HACKERS SHOWING UP PRETENDING TO BE IT
What this Apple security update means to you
You may see more security updates that feel sudden or small. That can be annoying, especially when you are busy or your device needs to restart.
Still, these updates are becoming more important. Apple is reacting to a world where AI can help shorten the time between a public fix and a possible attack.
So, when your iPhone, iPad or Mac asks you to update, do not treat it like background noise. The update may be closing a door someone else is already trying to find.
Updating your iPhone, iPad and Mac helps close security holes before attackers get more time to exploit them. (Katharina Kausche/picture alliance via Getty Images)
How to stay safe after the Apple security update
Installing the Apple AI security update is the best first move. After that, tighten a few habits that make attacks harder.
1) Keep your apps updated
Your operating system is only part of the security picture. Outdated apps can still create risk, especially if they handle messages, web links, photos, files or account logins. Open the App Store and install available updates regularly.
2) Watch out for suspicious links
Be careful with links in texts, emails and social media messages. WebKit and browser flaws are a reminder that malicious web content can be part of an attack. When in doubt, open the official app or website yourself instead of tapping a link.
3) Use strong passwords and two-factor authentication
Use strong, unique passwords for every account and store them in a password manager. Then turn on two-factor authentication (2FA) wherever possible. If one password gets exposed, you do not want it opening the door to your email, bank or Apple account.
4) Use strong antivirus protection
Use strong antivirus protection on your Mac and other connected devices. It can help catch malicious files, phishing attempts and suspicious activity before they do damage. Get my picks for the best 2026 antivirus protection winners for your Windows, Mac, Android and iOS devices at CyberGuy.com.
5) Back up your data regularly
Back up your iPhone, iPad and Mac before problems hit. A recent backup can help you recover faster if an update fails, your device gets stolen or malware locks you out of important files. CyberGuy’s guide to backing up your devices walks you through ways to protect your files using cloud storage, an external drive or both.
6) Use a personal data removal service
Use a personal data removal service to reduce how much of your personal information is floating around online. Data brokers and people-search sites can expose your name, address, phone number and relatives. Scammers can use those details to make phishing messages feel more believable. Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting CyberGuy.com.
Kurt’s key takeaways
Apple’s early security release shows how fast the cyber threat landscape is changing. The company says there is no evidence these newly patched flaws were exploited, but it still moved the fixes out before the wider 26.6 release. That tells me the old habit of waiting weeks to update is getting riskier. AI can help defenders, but it can also help criminals study weaknesses faster. My advice is direct: update your Apple devices now, turn on automatic security updates and stop putting off patches that protect the phone and computer you use every day.
Do you think AI will make your devices safer because companies can find flaws faster, or more vulnerable because hackers can move faster too? Let us know by writing to us at CyberGuy.com.
Automatic updates, strong passwords and a personal data removal service can make you a harder target after the update. (Silas Stein/picture alliance via Getty Images)
CLICK HERE TO DOWNLOAD THE FOX NEWS APP
Sign up for my FREE CyberGuy Report
- Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox.
- For simple, real-world ways to spot scams early and stay protected, visit CyberGuy.com – trusted by millions who watch CyberGuy on TV daily.
- Plus, you’ll get instant access to my Ultimate Scam Survival Guide free when you join.
Copyright 2026 CyberGuy.com. All rights reserved.
-
California4 minutes agoPopular California Fast-Casual Chain Mendocino Farms Opens 100th Location in Santa Barbara – edhat
-
Colorado7 minutes agoUnited Way of Southern Colorado raises over $400,000 for Aspen Acres Fire victims:
-
Connecticut12 minutes agoThis Underrated Connecticut Town Is Getting National Recognition as One of the Best Places to Live
-
Delaware19 minutes agoPlans advance for Delaware city’s first Chick-fil-A restaurant
-
Florida22 minutes agoSummer Scheming ‘26: Florida State Seminoles
-
Georgia27 minutes agoTravel and Leisure listed unique experiences in each state, including GA
-
Hawaii34 minutes agoThree West Hawaii sex offenders arrested – West Hawaii Today
-
Idaho37 minutes ago
Idaho Power crews respond to outage affecting 2,163 customers in Canyon County