Multiple popular mobile apps, some of which have millions of downloads, are exposing hardcoded and unencrypted credentials to cloud services. This could allow anyone with access to the app’s source code to extract credentials and exploit cloud infrastructure. These popular apps include credentials for either Amazon Web Services (AWS) and Microsoft Azure Blog Storage. Threat actors can extract credentials and use them to manipulate or exfiltrate data. This would lead to severe security breaches. The scale of these vulnerabilities highlights the need to adopt more secure development practices for mobile apps. Three of the popular apps found to expose AWS credentials are Crumbl, Eureka, and Videoshop. 

Read more: https://www.darkreading.com/cloud-security/mobile-apps-millions-downloads-expose-cloud-credentials