AI apps on the Google Play store are leaking customer data and photos
Mashable
February 20, 2026
AI-Generated Deep Dive Summary
Unsecured AI apps on the Google Play Store have exposed sensitive user data, including personal information and media files, raising significant privacy concerns. Cybersecurity researchers identified vulnerabilities in several popular Android apps designed for identity verification and image editing, such as "Video AI Art Generator & Maker" and IDMerit. These apps were found to leak vast amounts of user data due to misconfigured cloud storage buckets and poor security practices. For instance, the video app exposed over 1.5 million images and 385,000 videos, while IDMerit leaked personal details like full names, addresses, and IDs from users across 25 countries.
The issue stems from developers failing to secure their apps properly, with many embedding sensitive information such as API keys and passwords directly into their source code—a practice known as "hardcoding secrets." This, combined with unpatched vulnerabilities, made it easy for malicious actors to access exposed data. Researchers found that 72% of the analyzed Google Play Store AI apps had similar security flaws, highlighting a widespread lack of attention to user privacy and data protection.
This problem underscores the risks associated with using unverified AI tools, particularly those handling sensitive information. Users who download these apps unknowingly expose themselves to potential identity theft and other malicious activities. Cybersecurity experts emphasize the need for developers to prioritize secure coding practices and adopt stronger security measures to protect user data. As AI technology continues to evolve, ensuring its ethical and safe implementation remains a critical challenge in the tech industry.
The findings also highlight the broader implications of lax security standards in app development.
Verticals
tech
Originally published on Mashable on 2/20/2026