282 iOS Apps Expose LLM API Credentials via Network Traffic


A study by Wake Forest University revealed that 282 out of 444 analyzed iOS applications with AI features are leaking Large Language Model (LLM) API credentials through network traffic. This vulnerability affects apps across 13 categories, including productivity and education. The exposed credentials could lead to unauthorized access and abuse of LLM accounts and cloud resources. Researchers found that many of these issues remain unpatched despite responsible disclosure efforts. The findings indicate a systemic problem within the iOS ecosystem regarding the misuse of LLM provider APIs. The study emphasizes the need for improved security measures in mobile app development. Current status shows that the vulnerabilities are still present and unaddressed in many applications.

Key Points:
• 282 iOS apps were found leaking LLM API credentials through network traffic.
• The vulnerabilities affect a wide range of app categories, including productivity and education.
• Many of the identified issues remain unpatched despite responsible disclosure.

ThreatCluster AI

Timeline

2026-06-22
Study reveals widespread LLM credential leakage
Wake Forest University analyzed 444 iOS apps and found 282 leaking exploitable LLM API credentials.
Feeds2.Feedburner
2026-06-22
Research highlights systemic API exposure issue
The study indicates a significant problem with the misuse of OpenAI and Gemini APIs in mobile apps.
Gbhackers
2026-06-22
Majority of affected apps remain unpatched
Despite responsible disclosure, many apps continue to expose sensitive credentials without fixes.
Cybersecuritynews
