Last Updated: January 2026 | Author: First and Geek Editorial Team
A new security initiative has uncovered a troubling reality: nearly 200 apps on Apple’s App Store are actively exposing sensitive user data, affecting millions of people worldwide. The discovery highlights serious vulnerabilities in how some developers handle user information, particularly among AI-powered applications.
What Is Firehound and What Did It Find?
Firehound is a public security project led by CovertLabs that scans and catalogs App Store applications with exposed databases or improperly secured cloud storage. The platform was created to shine a light on apps that leak user information, whether intentionally or through negligence.
As of this writing, the project has identified 198 iOS apps, with 196 of them actively exposing user data. These exposures include names, email addresses, chat histories, and other sensitive personal information. The data is reportedly accessible to anyone who knows where to look, which represents a significant privacy and security risk.
The Worst Offender: Chat & Ask AI
At the top of Firehound’s rankings is an app called “Chat & Ask AI,” which reportedly exposes over 406 million records from more than 18 million users. According to security researchers, the app’s entire chat history is accessible due to a critical vulnerability in how user data is stored and protected.
A security researcher involved in the discovery urged users to stop using the app immediately, describing the exposure as severe and easily exploitable. The vulnerability appears to stem from unsecured databases that allow external access without proper authentication or encryption.
Which Types of Apps Are Affected?
While the majority of flagged apps appear to be AI-related tools, the security issues span multiple categories within the App Store. Affected app types include:
- Education
- Entertainment
- Graphics & Design
- Health & Fitness
- Lifestyle
- Social Networking
- Other miscellaneous categories
Most of these apps reportedly expose data through improperly configured databases or cloud storage solutions. In many cases, developers may have used third-party backend services without fully understanding or implementing necessary security measures.
How Firehound Works and Who Can Access the Data
Firehound is a public registry, but access to the most sensitive details is restricted. The platform offers limited information to the general public, while journalists, law enforcement, and security professionals can request access to detailed scan results and restricted datasets.
According to the project’s creators, this approach is designed to balance transparency with responsible disclosure. Publishing full datasets without redaction could enable malicious actors to exploit the vulnerabilities before they are patched.
Users who create an account on the platform can submit requests for deeper access, which are reviewed manually on a case-by-case basis.
What This Means for Everyday Users
This situation serves as a stark reminder that not all apps in official app stores are created with the same level of care or security expertise. Even apps that pass Apple’s review process can harbor serious vulnerabilities, particularly if developers lack experience with secure data handling practices.
For users, this means being more cautious about which apps you download and what information you share within them. AI chatbot apps, in particular, often encourage users to share personal thoughts, questions, and details that could be deeply private. If that data is not properly secured, it can become accessible to third parties.
Practical Steps You Can Take
- Research apps before downloading them, especially lesser-known or newly released tools
- Avoid sharing sensitive personal information with apps unless absolutely necessary
- Review app permissions regularly and revoke access for apps you no longer use
- Delete apps that have known security issues or poor developer track records
- Use strong, unique passwords and enable two-factor authentication wherever possible
Developer Responsibility and the Bigger Picture
While Apple maintains strict App Store guidelines, the responsibility for securing user data ultimately falls on developers. The barrier to entry for app development has dropped significantly in recent years, thanks in part to AI-assisted coding tools and low-code platforms. This democratization has benefits, but it also means that inexperienced developers may launch apps without fully understanding security best practices.
Proper data security requires more than just functional code. It involves encryption, secure authentication, regular security audits, and a clear understanding of how third-party services handle user information. When developers skip these steps, users pay the price.
It is unclear whether the apps flagged by Firehound were developed using AI-assisted tools or other automated methods. However, the pattern of vulnerabilities suggests a lack of foundational security knowledge among some developers.
FAQ
Q: How can I check if an app I use is listed on Firehound?
A: You can visit the Firehound website to browse the public registry of flagged apps. Some details may require account registration and approval for access.
Q: Does Apple know about these vulnerabilities?
A: It is likely that Apple and affected developers are being notified as these vulnerabilities are discovered. However, the timeline for fixes depends on each developer’s response.
Q: Are Android apps affected by similar issues?
A: While Firehound currently focuses on iOS apps, similar vulnerabilities can and do exist on other platforms. The issue is not unique to Apple’s ecosystem.
Q: Should I delete all AI chatbot apps from my phone?
A: Not necessarily, but you should evaluate which apps you trust and consider limiting the personal information you share with them. Stick to well-known apps from reputable developers whenever possible.
First and Geek Verdict
The Firehound project has done the tech community a service by highlighting a widespread problem that affects millions of users. This is not just a technical issue but a trust issue, one that underscores the importance of developer accountability and user awareness.
For everyday users, the lesson is clear: be selective about the apps you download, cautious about the information you share, and proactive about reviewing your installed apps regularly. For developers, this is a wake-up call to prioritize security from day one, not as an afterthought.
Apple’s App Store has long been seen as a more secure alternative to other platforms, but this incident reminds us that no system is foolproof. The real measure of security is how quickly and effectively these vulnerabilities are addressed once discovered. We will be watching closely to see how Apple and the affected developers respond in the coming weeks.


