Specifically, CloudSEK researchers found the leaked keys by using the company's security search engine, BeVigil, to analyze 600 apps on Google Play. CloudSEK then notified the affected Android app developers about the issue.
Discovery of multiple Android apps leaking API keys
Half of these Android apps leaked API keys for three leading email marketing service providers: MailChimp, SendGrid, and Mailgun. With these keys, threat actors could send email from the affected accounts, revoke the keys, and even change multi-factor authentication (MFA) settings.
Over 54 million users who downloaded the affected apps are exposed. Most are in the United States, with the UK, Spain, Russia, and India also significantly affected.
According to CloudSEK, how API keys are handled is a critical part of software architecture. Developers should avoid embedding API keys in their applications and should follow secure deployment and key-management practices, such as standardizing the regular assessment, rotation, and concealment of API keys. Obfuscating or encrypting a key inside the APK only slows extraction, since the app must still be able to recover it; any call that needs a provider key should go through the developer's own backend instead.
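As an added example (not CloudSEK's or BeVigil's code), the following Python scanner shows the kind of check the assessment step implies: it walks the lines of a decompiled app's resources and source looking for strings shaped like MailChimp, SendGrid, and Mailgun keys, discards obvious placeholders with an entropy threshold, and redacts matches for reporting. The key formats are assumptions based on the providers' publicly documented key shapes, and the input is a constructed sample rather than data from the report.

```python
"""Scan decompiled Android app text for hardcoded email-provider API keys.

Added example; not CloudSEK/BeVigil code. Key shapes are assumptions based on
the providers' public key formats, and the sample input below is constructed.
"""
import math
import re
from typing import Dict, Iterable, List, NamedTuple

# Assumed key shapes (not taken from the article):
#   MailChimp: 32 hex chars followed by a "-usN" data-centre suffix
#   SendGrid:  "SG." + 22 url-safe chars + "." + 43 url-safe chars
#   Mailgun:   "key-" + 32 hex chars (legacy private API key format)
KEY_PATTERNS: Dict[str, re.Pattern] = {
    "mailchimp": re.compile(r"(?<![0-9a-f])[0-9a-f]{32}-us\d{1,2}\b"),
    "sendgrid": re.compile(r"\bSG\.[A-Za-z0-9_-]{22}\.[A-Za-z0-9_-]{43}(?![A-Za-z0-9_-])"),
    "mailgun": re.compile(r"\bkey-[0-9a-f]{32}\b"),
}

# Placeholders such as "key-000...0" match the shape but are not secrets;
# a minimum Shannon entropy (bits per character) weeds them out.
MIN_ENTROPY = 3.0

# Constructed sample: lines as they might appear in a decompiled APK's
# strings.xml and BuildConfig-style Java. The Mailgun key on line 3 is a
# zero-filled placeholder that the entropy filter should drop.
SAMPLE_RESOURCES = """\
<string name="app_name">ShopDemo</string>
<string name="mailchimp_key">0123456789abcdef0123456789abcdef-us21</string>
<string name="mailgun_key_placeholder">key-00000000000000000000000000000000</string>
public static final String SENDGRID_KEY = "SG.abcdefghijklmnopqrstuv.ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789abcdefg";
private static final String MG = "key-fedcba9876543210fedcba9876543210";
""".splitlines()


class Finding(NamedTuple):
    line_no: int
    provider: str
    masked_key: str


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character of s (0.0 for the empty string)."""
    if not s:
        return 0.0
    counts = {c: s.count(c) for c in set(s)}
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())


def mask(key: str, keep: int = 4) -> str:
    """Redact a key for reporting, keeping only the first and last `keep` chars."""
    if len(key) <= 2 * keep:
        return "*" * len(key)
    return key[:keep] + "*" * (len(key) - 2 * keep) + key[-keep:]


def scan_lines(lines: Iterable[str]) -> List[Finding]:
    """Return one Finding per high-entropy key-shaped string, in line order."""
    findings: List[Finding] = []
    for line_no, line in enumerate(lines, start=1):
        for provider, pattern in KEY_PATTERNS.items():
            for m in pattern.finditer(line):
                key = m.group(0)
                # Strip the constant prefix/suffix so it does not pad the score.
                body = re.sub(r"^(SG\.|key-)|-us\d{1,2}$", "", key)
                if shannon_entropy(body) < MIN_ENTROPY:
                    continue  # placeholder or test value, not a live secret
                findings.append(Finding(line_no, provider, mask(key)))
    return findings


if __name__ == "__main__":
    for f in scan_lines(SAMPLE_RESOURCES):
        print(f"line {f.line_no}: {f.provider} key {f.masked_key}")
```

In practice you would run this over the output of `apktool d` (resources, smali, assets) rather than over a string literal, and follow a hit by checking whether the key is still valid and revoking it; the scanner only reports redacted values so the report itself does not become another copy of the secret.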
Among the three services, MailChimp is the largest. Attackers holding a leaked MailChimp key can read email content, extract customer data, pull mailing lists, run ad campaigns, and alter promotion codes in emails for fraud.
Attackers can also authorize third-party applications against the connected MailChimp account. In total, the researchers identified 319 API keys, of which over a quarter (28%) were still valid, and 12 of them could be used to read email content.
A leaked Mailgun key likewise lets threat actors send and read emails, obtain Simple Mail Transfer Protocol (SMTP) credentials and IP addresses, and steal customer email lists.
SendGrid, for its part, is a cloud platform that companies use to send marketing and transactional email. With a leaked key, attackers can send emails, create new API keys, and control the IP addresses allowed to access the account.
In the digital age, users must be increasingly cautious about cyberattacks. Mytour.vn will keep readers updated on this incident as new information becomes available.
https://Mytour.vn/canh-bao-hang-tram-ung-dung-android-bi-ro-ri-khoa-api-31742n.aspx
