Hardcoded Google keys abused

Attackers used exposed Google API keys embedded in apps to call Gemini and run up large bills; one report says developers lost tens of thousands of dollars. Security researchers found hardcoded keys across multiple Android apps, some of which reportedly belong to software with a combined install base in the hundreds of millions. (techradar.com; ciso.economictimes.indiatimes.com)

A Google API key left inside an Android app can now double as a Gemini credential, letting attackers run artificial intelligence requests on someone else’s bill. (cloudsek.com) CloudSEK said on April 7 it found 32 hardcoded Google API keys across 22 Android apps with a combined install base above 500 million. SecurityWeek reported the same findings on April 9 after reviewing the research. (cloudsek.com) (securityweek.com)

The mechanic is simple: developers long used Google’s `AIza` keys as public project identifiers for services like Maps and Firebase, but Truffle Security reported in February 2026 that enabling the Gemini application programming interface on the same Google Cloud project could give those old keys Gemini access without a separate warning. (trufflesecurity.com) (cloudsek.com) Gemini is Google’s model service for generating text, images, code, and other outputs through an application programming interface. Google’s own documentation says every Gemini request must include an `x-goog-api-key` header, which is why a leaked key can become a billable access token. (ai.google.dev 1) (ai.google.dev 2)

CloudSEK said an attacker who extracts one of those keys from a decompiled Android package can hit Gemini endpoints for uploaded files, cached contents, and model calls. In one example cited by Economic Times, a key in the ELSA Speak app returned a live response listing uploaded audio files. (cloudsek.com) (ciso.economictimes.indiatimes.com)

The money can move fast because Gemini charges by usage and, for some features, by storage time. Google’s pricing and caching pages show paid tiers for token use and separate costs for context caching that persists data for up to a set time window. (ai.google.dev 1) (ai.google.dev 2) Economic Times said the research pointed to three publicly reported abuse cases with losses of $15,400, about 20.36 million yen, and $82,314. Truffle Security separately said it found nearly 2,863 live Google API keys on public websites that authenticated to Gemini even though they were not intended for that use. (ciso.economictimes.indiatimes.com) (trufflesecurity.com)

Google’s current documentation does not treat hardcoding as safe for production. The Gemini key guide says hardcoding is only for initial testing and “not secure,” while Google Cloud’s authentication guide says developers should not include API keys in client code or repositories. (ai.google.dev) (docs.cloud.google.com)

That guidance sits awkwardly beside Google’s earlier Android push to let developers call Gemini directly from apps with the Google Artificial Intelligence software development kit and Android Studio templates. In December 2023, Google said the setup could remove the need for developers to build and manage their own backend infrastructure. (android-developers.googleblog.com)

The immediate fix is not mysterious: move Gemini calls off the client, rotate exposed keys, and lock keys down with restrictions and monitoring. But the larger cleanup is already underway because keys that once looked like harmless labels are now being treated like passwords. (docs.cloud.google.com) (trufflesecurity.com)
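As an added example (not code from any of the reports cited above), here is a pre-release check a development team can run over an app's source tree or its own decompiled build output to catch `AIza`-style keys before they ship; the 39-character key shape and the sample files are constructed assumptions for this example.

```python
import re
from pathlib import Path

# Shape of a Google Cloud API key: "AIza" followed by 35 characters from [0-9A-Za-z_-].
# Assumption for this example: this is the widely documented format of such keys.
GOOGLE_API_KEY_RE = re.compile(r"AIza[0-9A-Za-z_\-]{35}")


def find_google_api_keys(text: str) -> list[str]:
    """Return the distinct AIza-style keys in a blob of text, in order of first appearance."""
    found: list[str] = []
    for match in GOOGLE_API_KEY_RE.finditer(text):
        if match.group(0) not in found:
            found.append(match.group(0))
    return found


def redact(key: str) -> str:
    """Show only enough of a key to identify it in a report (prefix and last four chars)."""
    return f"{key[:8]}...{key[-4:]}"


def scan_files(files: dict[str, str]) -> dict[str, list[str]]:
    """Map each path to the keys it contains; paths with no keys are omitted."""
    return {path: keys for path, content in files.items() if (keys := find_google_api_keys(content))}


def scan_tree(root: Path, suffixes=(".xml", ".json", ".java", ".kt", ".smali", ".properties")) -> dict[str, list[str]]:
    """Walk a source tree or decompiled APK output and scan the text files with the given suffixes."""
    files = {str(p): p.read_text(errors="ignore") for p in root.rglob("*") if p.is_file() and p.suffix in suffixes}
    return scan_files(files)


# Constructed sample resembling a decompiled app's resources; the key is fabricated but has the right shape.
SAMPLE_FILES = {
    "res/values/strings.xml": '<string name="google_api_key">AIzaSyEXAMPLEEXAMPLEEXAMPLEEXAMPLE00000</string>',
    "assets/config.json": '{"maps_key": "AIzaSyEXAMPLEEXAMPLEEXAMPLEEXAMPLE00000", "feature": "x"}',
    "res/values/colors.xml": '<color name="primary">#AIza00</color>',  # similar prefix, wrong length: not a key
}

if __name__ == "__main__":
    findings = scan_files(SAMPLE_FILES)
    for path, keys in findings.items():
        for key in keys:
            print(f"{path}: hardcoded Google API key {redact(key)} -- rotate and restrict it before release")
    raise SystemExit(1 if findings else 0)  # non-zero exit so a CI job fails on any finding
```

Point `scan_tree` at a checkout or at the output of your own decompiler run to gate a release; rotate any key it reports and apply application and API restrictions to the replacement.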
