Several popular mobile apps, including Pic Stitch, Crumbl, Eureka, and Videoshop, have been found to store AWS credentials directly within their codebases, which exposes sensitive information, such as access keys and secret keys, to potential attackers, compromising the security of these apps and their users.  Crumbl’s code exposes AWS credentials by initializing AWSStaticCredentialsProvider with plain … Continue reading Millions at Risk: Hardcoded Credentials Found in Top Android & iOS Apps