Leaky Apps: Large-scale Analysis of Secrets Distributed in Android and iOS Apps

Mobile apps store various types of secrets to support their functionalities. These include API keys, and cryptographic material to authenticate users and access backend services. Once distributed, attackers can reverse-engineer the apps, and these secrets become accessible, posing risks such as data leaks, and service abuse.