
image credit: unsplash
Millions of Android ecommerce app users are at risk of having their sensitive data accessed by crooks, researchers have claimed.
A recent report by CloudSEK’s BeVigil says researchers uncovered 21 ecommerce apps with 22 hardcoded Shopify API keys/tokens which could expose personally identifiable information (PII) of roughly four million users.
“By hardcoding the API key, the key becomes visible to anyone who has access to the code, including attackers or unauthorized users. If an attacker gains access to the hardcoded key, they can use it to access sensitive data or perform actions on behalf of the program, even if they are not authorized to do so,” the company said in a press release.