Vulnerabilities | Apr 9, 2026

Google API Keys in Android Apps Expose Gemini Endpoints to Unauthorized Access

Google API keys embedded in Android apps expose Gemini endpoints to unauthorized access.

Summary

CloudSEK discovered 32 Google API keys hardcoded in 22 popular Android apps with over 500 million combined users, allowing attackers to extract keys via decompilation and gain unauthorized access to Gemini AI endpoints. The keys, in 'AIza…' format, can be abused for privilege escalation, enabling attackers to access private files, cached data, exhaust API quotas, and potentially expose user-submitted content. Prior research found over 35,000 unique Google API keys across 250,000 Android applications, turning what Google considered low-risk public identifiers into sensitive AI credentials.

Full text

Threat actors can extract Google API keys embedded in Android applications to gain access to Gemini AI endpoints and compromise data, CloudSEK warns.

For over a decade, Google has said that API keys for public services such as Maps are not secrets, but recent research from Truffle Security showed that these keys can be used to authenticate to the Gemini AI assistant, potentially exposing personal data. “We scanned millions of websites and found nearly 3,000 Google API keys that now also authenticate to Gemini even though they were never intended for it. With a valid key, an attacker can access uploaded files, cached data, and charge LLM usage to your account,” Truffle said in February.

Further research from mobile security firm Quokka (formerly known as Kryptowire) led to the discovery of over 35,000 unique keys across 250,000 Android applications. “Because Android applications can be easily unpacked and inspected, extracting these keys requires minimal technical skill, and automated scraping at scale is entirely feasible. What used to be low-risk visibility has quietly turned into a meaningful attack surface,” Quokka said.

Now, CloudSEK says it discovered that 32 Google API keys hardcoded in 22 popular Android apps provide unauthorized access to Gemini AI, potentially exposing sensitive data to attackers. The applications have a combined user base of over 500 million.

The exposure is to the developer’s Gemini resources and any data stored there. However, if the app processes and uploads real user data, those users’ submitted content can indirectly leak. The Google API keys, all using the ‘AIza…’ format, can be abused for retroactive privilege escalation: a key that a developer creates and embeds in their application provides access to all Gemini endpoints once the AI is enabled on the project.

The elevation happens automatically, without the developer’s knowledge, and hands anyone able to extract the key from a decompiled application a live Gemini credential, CloudSEK notes. Armed with the key, an attacker could access private files and cached content, make arbitrary Gemini API calls, exhaust API quotas and disrupt legitimate services, and access any data on Gemini’s file storage, including documents, images, and other sensitive information.

The presence of hardcoded Google API keys in applications significantly increases the attack surface, as the packages are public by design and the keys persist across version increments. Moreover, the keys are embedded because Google’s own documentation recommends it, not by mistake.

“The proliferation of Google API keys in mobile app packages is a well-documented phenomenon in the mobile security research community. What is new – and what makes this finding particularly urgent – is that a class of keys previously considered harmless public identifiers has been silently elevated to sensitive AI credentials,” CloudSEK notes.

Written by Ionut Arghire. Ionut Arghire is an international correspondent for SecurityWeek.
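As an added example (not CloudSEK’s, Truffle Security’s or Quokka’s tooling), the following Python scanner inventories ‘AIza…’-format keys in an app’s own unpacked sources so a developer can find and rotate them before release; it assumes the APK has already been unpacked into text files with a decompiler, and the sample files and key values are constructed.

```python
import os
import re
from collections import namedtuple

# Google API keys are 'AIza' followed by 35 URL-safe base64 characters (39 total).
GOOGLE_API_KEY_RE = re.compile(r"AIza[0-9A-Za-z_-]{35}")
# Text artefacts worth reading in an unpacked APK; binaries (.png, .so) are skipped.
TEXT_SUFFIXES = (".smali", ".xml", ".java", ".kt", ".json", ".properties", ".txt")
Finding = namedtuple("Finding", "path line_no key")

def find_keys_in_text(path: str, text: str) -> list:
    """One Finding per AIza-format key occurrence, with its line number."""
    return [Finding(path, n, m.group(0))
            for n, line in enumerate(text.splitlines(), start=1)
            for m in GOOGLE_API_KEY_RE.finditer(line)]

def scan_files(files: dict) -> list:
    """Scan an in-memory {path: contents} map (used for the constructed sample)."""
    return [f for path, text in files.items() if path.endswith(TEXT_SUFFIXES)
            for f in find_keys_in_text(path, text)]

def scan_tree(root: str) -> list:
    """Walk an unpacked APK directory on disk and scan every text file in it."""
    found = []
    for dirpath, _, names in os.walk(root):
        for name in names:
            if name.endswith(TEXT_SUFFIXES):
                path = os.path.join(dirpath, name)
                with open(path, encoding="utf-8", errors="replace") as fh:
                    found.extend(find_keys_in_text(path, fh.read()))
    return found

def unique_keys(findings: list) -> set:
    """The same key is usually copied into several files; count it once."""
    return {f.key for f in findings}

def masked(key: str) -> str:
    """Prefix plus last 4 characters: enough to match a key in the Cloud console
    without reproducing the whole credential in a report."""
    return f"{key[:8]}...{key[-4:]}"

# Constructed sample of decompiled output; both key values are fabricated.
FAKE_KEY_A = "AIzaSyD" + "0" * 32
FAKE_KEY_B = "AIzaSyB" + "1" * 32
SAMPLE_FILES = {
    "res/values/strings.xml": f'<string name="google_api_key">{FAKE_KEY_A}</string>\n',
    "AndroidManifest.xml": f'<meta-data android:name="com.google.android.geo.API_KEY" android:value="{FAKE_KEY_A}"/>\n',
    "smali/com/example/Net.smali": f'const-string v0, "{FAKE_KEY_B}"\n',
    "assets/logo.png": "binary blob, not scanned",
}
```

Run `scan_tree` against the decompiler’s output directory and feed the distinct keys to the Google Cloud console to restrict or rotate them; the same key appearing in strings.xml and the manifest is one credential, not two.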

Indicators of Compromise

  • credential — Google API keys (AIza* format)

Entities

  • Google (vendor)
  • Gemini AI (product)
  • Google Maps API (product)
  • CloudSEK (vendor)
  • Truffle Security (vendor)
  • Quokka (vendor)