Hardcoded keys exposed Gemini

Researchers found hardcoded Google API keys in dozens of Android apps that let attackers make unauthorized calls to Gemini, leading to financial losses and uncontrolled model use across apps with large install bases. Reports suggest the issue spans apps with a very large combined install count and highlights credential-management failures in mobile apps that integrate AI APIs. (techradar.com) (ciso.economictimes.indiatimes.com)

A Google API key is supposed to be a digital pass for one service, but researchers say dozens of Android apps exposed keys that also opened Gemini. (securityweek.com) CloudSEK said on April 11 that it found 32 live keys hardcoded in 22 Android apps with a combined 500 million-plus installs after scanning the top 10,000 apps by install count. The firm said affected apps spanned travel, finance, education, news and productivity. (ciso.economictimes.indiatimes.com) (gadgets360.com)

The basic problem is hardcoding: developers put a key directly inside an app package, and anyone who downloads the app can often extract it. Google’s own Cloud guidance says not to include API keys in client code because exposed keys can trigger unauthorized access and unexpected charges. (docs.cloud.google.com) Gemini uses those keys as bearer credentials, which work like a password anyone can spend once they have it. Google’s API reference says every Gemini request must include an `x-goog-api-key` header, and its key guide says hardcoding is only for initial testing and “not secure.” (ai.google.dev 1) (ai.google.dev 2)

CloudSEK said the risk changed when projects with older `AIza` keys gained Gemini access after the Gemini application programming interface was enabled, without a separate opt-in for those existing keys. SecurityWeek reported the same behavior as “retroactive privilege escalation,” where a key embedded for one purpose could suddenly call Gemini endpoints too. (ciso.economictimes.indiatimes.com) (securityweek.com)

In one test case, CloudSEK said a key inside the ELSA Speak Android app could query the Gemini Files application programming interface and return a live list of uploaded audio files. The researchers said those files appeared to be speech recordings submitted for pronunciation coaching. (ciso.economictimes.indiatimes.com) (infosecurity-magazine.com) The report named apps including Oyo Hotel, Google Pay for Business, Taobao, apna Job Search App and ELSA Speak.
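Because a key shipped inside an app package can be pulled out by anyone who downloads it, the cheapest control is to refuse to ship one in the first place. The script below is an added example of that release gate, not CloudSEK’s or Google’s tooling: it walks an unpacked build directory and reports any token in the public `AIza` + 35-character shape that Google API keys use. The directory layout, file names and the key value are constructed here so the script runs offline; only the key format is real.

```python
"""Pre-release check: flag Google API keys (the `AIza...` format) baked into
app build output. Added example, not CloudSEK's or Google's tooling."""
import re
import tempfile
from pathlib import Path

# Public format of a Google API key: the literal prefix "AIza" followed by
# 35 characters from [A-Za-z0-9_-]. Same pattern secret scanners commonly use.
GOOGLE_API_KEY_RE = re.compile(r"AIza[0-9A-Za-z_-]{35}")


def redact(key: str) -> str:
    """Keep enough of the key to recognise it in a report, never the whole value."""
    return f"{key[:8]}...{key[-4:]}"


def scan_text(text: str, source: str) -> list[dict]:
    """Return one finding per key-shaped token in `text`, with a 1-based line number."""
    findings = []
    for match in GOOGLE_API_KEY_RE.finditer(text):
        line_no = text.count("\n", 0, match.start()) + 1
        findings.append({"source": source, "line": line_no, "key": redact(match.group(0))})
    return findings


def scan_tree(root: Path) -> list[dict]:
    """Walk an unpacked APK / build directory and scan every regular file.

    Files are decoded as UTF-8 with undecodable bytes dropped, so an ASCII key
    embedded in a binary artefact such as classes.dex is still seen."""
    findings = []
    for path in sorted(Path(root).rglob("*")):
        if path.is_file():
            text = path.read_bytes().decode("utf-8", errors="ignore")
            findings.extend(scan_text(text, path.relative_to(root).as_posix()))
    return findings


# Constructed sample key: correct shape (4 + 35 characters), not a real credential.
SAMPLE_KEY = "AIzaSyCONSTRUCTED_EXAMPLE_KEY_000000000"


def build_sample_tree() -> Path:
    """Create a small, constructed stand-in for an unpacked APK (not a real app)."""
    root = Path(tempfile.mkdtemp(prefix="apk-sample-"))
    (root / "res" / "values").mkdir(parents=True)
    # Key placed in a string resource, a common shortcut.
    (root / "res" / "values" / "strings.xml").write_text(
        "<resources>\n"
        f'    <string name="gemini_key">{SAMPLE_KEY}</string>\n'
        "</resources>\n"
    )
    # Key baked into generated build configuration.
    (root / "BuildConfig.java").write_text(
        "public final class BuildConfig {\n"
        f'    public static final String API_KEY = "{SAMPLE_KEY}";\n'
        "}\n"
    )
    # Near-miss: right prefix, wrong length. Must NOT be reported.
    (root / "notes.txt").write_text("prefix only: AIzaNotAKey\n")
    # Binary-looking file with the key surrounded by non-UTF-8 bytes.
    (root / "classes.dex").write_bytes(b"\x00\xff\xfe" + SAMPLE_KEY.encode() + b"\x00\x80")
    return root


if __name__ == "__main__":
    results = scan_tree(build_sample_tree())
    for finding in results:
        print(f"{finding['source']}:{finding['line']}: hardcoded key {finding['key']}")
    # A CI gate fails the build when anything was found.
    raise SystemExit(1 if results else 0)
```

Run it against the directory produced by unpacking a release build (or against the source tree before packaging) and fail the pipeline on a non-zero exit. Decoding every file with `errors="ignore"` is deliberate: the key is plain ASCII wherever it ends up, and skipping binaries is exactly how a key compiled into `classes.dex` slips through.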
Gadgets 360 said CloudSEK tied the issue to apps with more than 500 million installs in total, not 500 million confirmed victims. (gadgets360.com) The costs can be real even when no user data is taken. CloudSEK cited three public misuse cases that reportedly produced bills of $15,400, about 20.36 million yen, and $82,314 after attackers used exposed Gemini access. (ciso.economictimes.indiatimes.com)

Google’s current Android guidance points developers toward Firebase AI Logic to connect apps to the Gemini Developer application programming interface, rather than dropping a raw secret into a downloadable app. The company’s Cloud documentation also recommends key restrictions, monitoring and moving production systems to stronger identity controls. (developer.android.com) (docs.cloud.google.com)

The cleanup is straightforward but tedious: rotate exposed keys, restrict what each key can call, remove secrets from app code, and watch billing logs for spikes. Hardcoded keys tend to survive across app updates, so a shortcut left in one release can keep paying someone else’s Gemini bill months later. (docs.cloud.google.com) (ciso.economictimes.indiatimes.com)
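Two of the cleanup steps above, restricting what each key may call and watching billing for spikes, can be checked continuously from usage logs. The script below is an added example of that monitoring, not Google’s or CloudSEK’s code: it reads constructed JSON-lines usage records (the field names `ts`, `key_id`, `service` and `cost_usd` are assumptions, as is the per-key allowlist), reports calls a key made to a service it was never issued for, and flags a key whose latest daily spend jumps well above its own history. The sample shows the article’s scenario of a key issued for one service suddenly being spent on `generativelanguage.googleapis.com`.

```python
"""Usage-log checks for API keys: off-policy service calls and spend spikes.
Added example; log format, field names and policy are constructed assumptions."""
import json
from collections import defaultdict
from statistics import median

# Constructed policy: which Google service each key was issued for.
KEY_ALLOWLIST = {
    "maps-android": {"maps.googleapis.com"},
    "gemini-backend": {"generativelanguage.googleapis.com"},
}

# Constructed usage export (JSON lines). The maps-android key starts calling
# the Gemini endpoint on the fourth day, and the bill jumps with it.
LOG_LINES = [
    '{"ts":"2026-04-01T09:12:00Z","key_id":"maps-android","service":"maps.googleapis.com","cost_usd":0.40}',
    '{"ts":"2026-04-02T10:05:00Z","key_id":"maps-android","service":"maps.googleapis.com","cost_usd":0.50}',
    '{"ts":"2026-04-03T11:30:00Z","key_id":"maps-android","service":"maps.googleapis.com","cost_usd":0.45}',
    '{"ts":"2026-04-04T08:45:00Z","key_id":"maps-android","service":"maps.googleapis.com","cost_usd":0.50}',
    '{"ts":"2026-04-04T13:20:00Z","key_id":"maps-android","service":"generativelanguage.googleapis.com","cost_usd":12.00}',
    '{"ts":"2026-04-04T13:55:00Z","key_id":"maps-android","service":"generativelanguage.googleapis.com","cost_usd":9.50}',
    '{"ts":"2026-04-01T12:00:00Z","key_id":"gemini-backend","service":"generativelanguage.googleapis.com","cost_usd":2.00}',
    '{"ts":"2026-04-02T12:00:00Z","key_id":"gemini-backend","service":"generativelanguage.googleapis.com","cost_usd":2.20}',
    '{"ts":"2026-04-03T12:00:00Z","key_id":"gemini-backend","service":"generativelanguage.googleapis.com","cost_usd":1.90}',
    '{"ts":"2026-04-04T12:00:00Z","key_id":"gemini-backend","service":"generativelanguage.googleapis.com","cost_usd":2.10}',
]


def parse_log(lines):
    """Turn JSON-lines usage records into flat events keyed by calendar day."""
    events = []
    for line in lines:
        rec = json.loads(line)
        events.append({
            "day": rec["ts"][:10],           # YYYY-MM-DD from the ISO timestamp
            "key_id": rec["key_id"],
            "service": rec["service"],
            "cost_usd": float(rec["cost_usd"]),
        })
    return events


def off_policy_calls(events, allowlist):
    """Calls made with a key to a service outside the set it was issued for.

    A key that is absent from the allowlist has no permitted services, so every
    call with it is reported; unknown keys are a finding in their own right."""
    return [e for e in events if e["service"] not in allowlist.get(e["key_id"], set())]


def daily_spend(events):
    """Sum cost per key per day."""
    spend = defaultdict(lambda: defaultdict(float))
    for e in events:
        spend[e["key_id"]][e["day"]] += e["cost_usd"]
    return spend


def spend_spikes(events, factor=3.0, floor_usd=5.0):
    """Flag keys whose latest day costs more than `factor` times the median of
    their earlier days AND more than `floor_usd`, so tiny keys do not alert on noise."""
    alerts = []
    for key_id, by_day in daily_spend(events).items():
        days = sorted(by_day)
        if len(days) < 2:
            continue                         # no history to compare against
        latest = days[-1]
        baseline = median(by_day[d] for d in days[:-1])
        if by_day[latest] > floor_usd and by_day[latest] > factor * baseline:
            alerts.append({
                "key_id": key_id,
                "day": latest,
                "spend": round(by_day[latest], 2),
                "baseline": round(baseline, 2),
            })
    return alerts


if __name__ == "__main__":
    evs = parse_log(LOG_LINES)
    for e in off_policy_calls(evs, KEY_ALLOWLIST):
        print(f"OFF-POLICY {e['day']} key={e['key_id']} called {e['service']}")
    for a in spend_spikes(evs):
        print(f"SPIKE {a['day']} key={a['key_id']} spend=${a['spend']} baseline=${a['baseline']}")
```

The allowlist check is the log-side mirror of the key restrictions Google’s documentation recommends: if a key has an API restriction, calls outside it should never appear, so any that do mean the restriction is missing or was widened. The spike check uses a median rather than a mean so that one earlier abuse day does not raise the baseline and hide the next one.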
