Quote:App developers have once again been accused of having butterfingers when it comes to API keys, leaving millions of mobile app users at risk of exposing their personal and payment data.
CloudSEK, maker of artificial intelligence- (AI-) enabled digital threat protection, reported last week that the mobile ecosystem is reeking with hard-coded API keys: Keys that should never be exposed in endpoint apps.
Misconfigured APIs make any app risky, but when you’re talking about financial apps, it’s about handing ne’er-do-wells the power to turn victims’ pockets inside-out.
“While the rampant exposure of API keys is hazardous for any app, it is especially critical when it comes to apps that handle payment information such as bank details, credit card information and UPI transactions, in addition to user [personally identifiable information, or PII],” according to CloudSEK’s writeup.
APIs – application programming interfaces – are the veins and arteries of the mobile ecosystem, enabling apps to communicate with multiple sources and to move data in and out of those apps. It’s an “integral” part of how an app works, CloudSEK said, which means that app developers need to handle them with kid gloves in order to avoid leaking customer data: “Any systematic mishandling of API keys among app developers can cause threat to the app’s business,” researchers maintained.
Read more: Payment API Bungling Exposes Millions of Users’ Payment Data | Threatpost
![[-]](https://www.geeks.fyi/images/collapse.png "[-]")
