CloudSEK: 50% of apps found to use API keys from three email marketing services

AI cybersecurity company CloudSEK recently investigated 600 popular Android apps on Google Play and found that about 50% of the apps used API keys from the three most popular email marketing service apps.

The full name of API is application programming interface, which enables applications and services to work seamlessly with third-party websites in the background.

APIs are the types of applications that online companies and services use to collect customer contact information and manage outbound marketing campaigns, which means there's a lot of vulnerable data being transmitted via API keys.

CloudSEK investigated 600 Google Play apps using its own BeVigil security engine and found that about half of the apps used API keys from Mailchimp, Sendgrid, and Mailgun. These three API keys have vulnerabilities that can pass sensitive data to malicious third parties, thus affecting user security and becoming a target for cyber scammers.

The affected apps have been downloaded more than 54 million times, and every one of them is now potentially leaking any and all details via API keys. According to CloudSek, the vulnerability could allow malicious actors to read emails, steal customer data, access email lists, and even run email marketing campaigns as a representative of the affected businesses. This last one means that users exposed in this way will be particularly vulnerable to sophisticated phishing campaigns that will be extremely difficult to detect.

From IT Home