Apps with over 3 million installs leak 'Admin' search API keys
2022-11-21 15:04

Researchers discovered 1,550 mobile apps leaking Algolia API keys, risking the exposure of sensitive internal services and stored user information.

Of those keys, only the Search key is meant to be public and available in front-end code, helping users perform search queries in the apps.

"While the admin API key enables threat actors to perform several critical actions and provides access to sensitive data, even with one or more of the other API keys, threat actors can search or view sensitive data," a CloudSEK analyst told BleepingComputer.

The 32 apps that leak Admin API keys are more critical, as they expose their users to data leak risks and the databases to malicious modifications that could incur business damage.

The apps exposing Algolia Admin API keys have approximately 3,250,000 downloads, with some apps having over a million downloads each.

In a list of leaky apps shared with BleepingComputer, other categories include news apps, food and drink, education, fitness, photography, lifestyle, productivity, medical, and business apps, collectively downloaded over 950,000 times.


News URL

https://www.bleepingcomputer.com/news/security/apps-with-over-3-million-installs-leak-admin-search-api-keys/