Gemini API keys leaked

Researchers found hardcoded Google Gemini API keys inside Android apps that together have about 500 million installs, which could let attackers call the Files API, exhaust quotas, and access cached AI context data. The exposure was traced to the developer practice of embedding provider-style keys in client apps, creating a risk of unauthorized charges and data access. (ciso.economictimes.indiatimes.com)

An application programming interface key is supposed to work like a back-office keycard: the app asks a server for help, and the server uses the key where users cannot see it. In this case, researchers found Google Gemini keys sitting inside Android apps themselves, where anyone who unpacks the app can copy them. (ai.google.dev) (docs.cloud.google.com)

The report says 22 Android apps exposed those keys, and those apps add up to more than 500 million installs. That turns one developer shortcut into a very large attack surface, because every install is another copy of the app package an attacker can inspect. (economictimes.indiatimes.com 1) (economictimes.indiatimes.com 2)

Google’s Gemini application programming interface accepts requests authenticated with an `x-goog-api-key` header. Google’s own documentation says hardcoding a key can be used for initial testing but should “only be temporary,” and Google Cloud says not to include API keys in client code. (ai.google.dev 1) (ai.google.dev 2) (docs.cloud.google.com)

What attackers get first is not magical access to a phone. What they get is the ability to impersonate the app when talking to Gemini, which can burn through the developer’s quota, trigger charges, and make the traffic look like it came from a legitimate product. (economictimes.indiatimes.com) (discuss.ai.google.dev) (docs.cloud.google.com)

The nastier detail is the Files application programming interface. Google describes that part of Gemini as a utility endpoint for uploading files, and the report says exposed keys could let outsiders call it and reach cached context data tied to prompts and uploads. (ai.google.dev) (economictimes.indiatimes.com)

Cached context is the short-term memory that keeps a model from forgetting the last few things you gave it. If an app sends a document, image, or prompt history to Gemini and then reuses that context, a stolen key can turn that convenience layer into a place where somebody else probes for leftovers. (economictimes.indiatimes.com) (ai.google.dev)

This happened because many developers treated a provider-style key like a harmless app setting instead of a secret. Apiiro defines hardcoded secrets as credentials embedded directly in code or configuration, and Google Cloud warns that public exposure can lead to unauthorized access and unexpected charges. (apiiro.com) (docs.cloud.google.com)

Google already has a safer pattern for direct device connections: ephemeral tokens, which are short-lived credentials that expire quickly and can be restricted. Google says those tokens can still be extracted from a mobile app, but their short lifetime sharply reduces the blast radius compared with a long-lived key baked into the app. (ai.google.dev)

Google AI Studio has also added full-stack app support with server-side logic and secret storage, which is the architecture this story points developers toward. Put the real key on a server, let the app call that server, and never ship a permanent credential inside the download. (ai.google.dev 1) (ai.google.dev 2)

For users, this is mostly invisible, because the weak point is not a bad password or a fake link they clicked. For developers, it is a reminder that every artificial intelligence feature wired straight from a phone to a paid model endpoint turns the app bundle into a place where billing power and data access can leak. (economictimes.indiatimes.com) (docs.cloud.google.com)
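A release gate that follows from "never ship a permanent credential inside the download", as an added example that is not from the report or from Google: it scans a built APK (a ZIP archive) for key-shaped strings and fails the build if any are found. The `AIza` plus 35 characters pattern is an assumption about the classic Google API key format; the function names and the sample archive with its fake key are constructed for illustration.

```python
import io
import re
import zipfile

# Assumption: classic Google API key shape, "AIza" + 35 URL-safe characters.
KEY_ASCII = re.compile(rb"AIza[0-9A-Za-z_\-]{35}")
# Same shape stored as UTF-16LE, which resource string pools may use.
KEY_UTF16 = re.compile(rb"A\x00I\x00z\x00a\x00(?:[0-9A-Za-z_\-]\x00){35}")


def redact(key: str) -> str:
    """Keep enough of the key to locate it, never the whole secret."""
    return key[:8] + "..." + key[-4:]


def scan_apk(apk) -> list:
    """Return (entry name, redacted key) for each key-shaped string found."""
    findings = []
    with zipfile.ZipFile(apk) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            data = zf.read(info)
            hits = {m.group().decode("ascii") for m in KEY_ASCII.finditer(data)}
            hits |= {m.group().decode("utf-16-le") for m in KEY_UTF16.finditer(data)}
            findings += [(info.filename, redact(k)) for k in sorted(hits)]
    return findings


def build_sample_apk() -> io.BytesIO:
    """Constructed stand-in for a release APK; the key below is fake."""
    fake_key = "AIza" + "FAKE0fake1FAKE2fake3FAKE4fake5FAKE6"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("classes.dex", b"dex\n035\x00" + fake_key.encode() + b"\x00")
        zf.writestr("resources.arsc", b"\x02\x00" + fake_key.encode("utf-16-le"))
        zf.writestr("assets/config.json", '{"backend": "https://api.example.invalid"}')
    buf.seek(0)
    return buf


if __name__ == "__main__":
    results = scan_apk(build_sample_apk())
    for name, key in results:
        print(f"{name}: key-shaped string {key}")
    raise SystemExit(1 if results else 0)  # non-zero exit blocks the release
```

A clean scan only shows that no string of this shape is stored in plain form; it does not replace moving the key to a server.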
