Using BeVigil, a security search engine, our researchers found 159 private GitHub repositories that contained the source code of 10 organizations. The sole reason we found these private GitHub repositories was that they contained source code of Android apps with hardcoded GitHub Personal Access Tokens.
Authors: Arshit Jain and Sai Ahladini Tripathy, BeVigil Team
Editor: Isha Tripathi, Information & Analytics Squad

Widespread Exposure of API Keys Imperils the Mobile App Ecosystem

APIs have revolutionized how apps are developed and used. They make it easy for developers to build apps that communicate with multiple sources and efficiently manage data flowing to and …
CloudSEK’s BeVigil, a security search engine for mobile apps, has found that 0.5% of mobile apps expose AWS API keys, thus putting their internal networks and data at high risk.