1,859 Mobile Apps, Mostly iOS, Found Storing Hard-Coded Credentials for AWS Databases

According to research from Symantec, as many as 1,859 publicly available Android and iOS apps contain hard-coded AWS credentials. Unsafe mobile application development practices are paving the way for such supply chain vulnerabilities.

AWS access tokens are active in around 77% (1,431) of these 1,859 apps, which makes it possible for threat actors to access private AWS cloud services. Additionally, almost half of these apps (873) contain valid AWS access tokens that provide access to private databases stored in Amazon S3 holding millions of files and data records.
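A pre-release check a development team can run on its own build artifact to catch this mistake, added here as an example and not taken from Symantec's research. It assumes the usual AKIA/ASIA access key ID prefixes and a heuristic for a nearby 40-character secret; the function names and the sample package are constructed for illustration.

```python
import io
import re
import zipfile

# Access key IDs are 20 characters: AKIA (long-term IAM user key) or ASIA
# (temporary STS key) followed by 16 uppercase alphanumerics.
KEY_ID_RE = re.compile(rb"(?<![A-Z0-9])(AKIA|ASIA)[A-Z0-9]{16}(?![A-Z0-9])")
# Heuristic (assumption): a secret access key is a 40-character base64-style run.
SECRET_RE = re.compile(rb"(?<![A-Za-z0-9/+=])[A-Za-z0-9/+]{40}(?![A-Za-z0-9/+=])")
WINDOW = 200  # bytes searched on each side of a key ID for a matching secret


def scan_package(package):
    """Scan an APK or IPA (both are ZIP archives) for embedded AWS access key IDs."""
    findings = []
    with zipfile.ZipFile(package) as archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            data = archive.read(info)  # decompressed file contents
            for match in KEY_ID_RE.finditer(data):
                nearby = data[max(0, match.start() - WINDOW):match.end() + WINDOW]
                findings.append({
                    "file": info.filename,
                    "key_id": match.group(0).decode(),
                    "long_term": match.group(1) == b"AKIA",
                    "secret_nearby": bool(SECRET_RE.search(nearby)),
                })
    return findings


def build_sample_package():
    """Constructed sample: an in-memory ZIP laid out like an IPA, holding the
    non-working example key pair from AWS documentation."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("Payload/Demo.app/Config.plist",
                   "<key>accessKey</key><string>AKIAIOSFODNN7EXAMPLE</string>\n"
                   "<key>secretKey</key><string>"
                   "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY</string>\n")
        z.writestr("Payload/Demo.app/strings.txt", "region=us-east-1\n")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for finding in scan_package(build_sample_package()):
        print(finding)
```

Any long-term key this reports in a shipped build should be treated as exposed: rotate it and move the app to short-lived, narrowly scoped credentials issued at runtime.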

The scenario is ideally suited for threat actors to breach data and