Researcher Exposes App Store Data Vulnerabilities

Harrison of CovertLabs launched Firehound on January 19, 2026, publishing a repository that documents insecure iOS apps and finds 196 of 198 examined apps expose user data through misconfigured backends and exposed APIs. The project highlights leaks in AI-enabled apps—names, emails, chat histories—and pressures developers and Apple to remediate vulnerabilities, raising regulatory and user-trust concerns.
Key Points
- 1Finds 196 of 198 iOS apps expose user data via misconfigured backends and open APIs
- 2Highlights prevalence in AI-enabled apps, showing integration haste increases risk of sensitive identifiers and chat logs leaks
- 3Urges developers and Apple to enforce access controls, token hygiene, and mandatory security audits for app submissions
Scoring Rationale
High novelty, industry-wide scope, and actionable findings; limited credibility due to single-source disclosure and sparse official vendor confirmation.
Sources
Public references used for this report.
Practice interview problems based on real data
1,625 SQL & Python problems across 15 industry datasets — the exact type of data you work with.
Try 250 free problems
