The portal lists a total of 191 apps, 189 of which store their data in inadequately secured data storage. The top 10 includes LLM-based image and song creators, a dating app, a coloring book and AI chat apps, for example for life advice or as a partner simulation. There is also a Korean learning app. It is aimed at school students – the underused database reveals 9.3 million user accounts.
Email address, cell phone number, prompts
How serious the individual data leaks are varies: An app for image enhancement (for better selfies) stores, among other things, the email addresses and cell phone numbers of its almost 1 million users in a database to which the security company CovertLabs gained access using simple means. Other apps save the user input (prompts) with which they want to generate images, songs and texts. The results are sometimes as embarrassing as chat transcripts from AI-supported partner simulations – fortunately, CovertLabs limits the exhibits to a few innocuous entries and has removed anything that is too personal.
Breach of trust or already illegal?
Creating and storing intimate details in inadequately protected cloud storage and databases is unlikely to turn out to be more than a trivial offense. In many countries, including the EU, service providers are obliged to particularly protect personal details and to promptly inform all users of unauthorized access. The examples in this collection raise the question in advance of whether the providers of the apps presented are even able to detect illegitimate data access. Many of the apps can currently still be found in the iOS App Store.