'Vast majority' of mobile apps found leaking AWS credentials are on iOS


iOS apps are leaking hard-coded Amazon Web Services (AWS) credentials far more often than Android-based versions of the same app, according to new research.

Analysis of the software libraries belonging to more than 1,800 publicly available apps found that 77% had leaked details that attackers could use to gain access to private AWS accounts

while 47% were found to have leaked credentials associated with Amazon S3 buckets.Of these vulnerable apps, 98% were installed on iOS, according to Kevin Watkins, security researcher at Symantec.

Watkins didn't detail why the issue was so much more prevalent in iOS development than Android. IT Pro has approached Symantec for further comment.

Using shared libraries is common practice in the software development space, and this is partly why the Log4Shell vulnerability was so worrying when it was first discovered.