Summary created by Smart Answers AI
In summary:
- PCWorld reports that Codeway’s AI apps leaked over 12 TB of user data, including 1.5 million images and 400,000 videos from their Video AI Art Generator app due to a Google Cloud configuration error.
- The breach affects users across 26 countries and exposed sensitive personal information through the IDMerit verification app, including names, addresses, and ID card numbers.
- Users should immediately uninstall Codeway apps and remain vigilant against phishing attempts, as the leaked content may include private data despite being AI-generated.
There are millions of apps in the Google Play Store, but not all of them are safe to use. Security researchers have recently identified several apps that contain serious security vulnerabilities.
The first app in question
According to a Forbes contributor, a seemingly harmless app called Video AI Art Generator & Maker by developer Codeway—which has been installed nearly half a million times—leaked all of its users’ images and videos. Over 12 TB of data, including 1.5 million images and nearly 400,000 videos, ended up freely available on the internet.
The incident wasn’t malicious, but due to a configuration error in Google Cloud. It allowed anyone to access the stored data without having to identify themselves first. For users of the app, it was a disaster.
The app is no longer available in the Google Play Store, as Google responded quickly to user complaints and removed it. It had been listed since June 2023 and was used to generate images and videos quickly and easily with AI. The leaked images were all created using the app, but possibly contained private content.
That wasn’t the only leak
Another app from the same developer, called IDMerit and used for identity verification, had an equally serious security vulnerability. However, this one didn’t result in the leaking of image data, but rather exposed sensitive personal information including:
- Full names
- Home addresses
- Postal codes
- Dates of birth
- ID card numbers
- Telephone numbers
- Gender
- Email addresses
- Other metadata
All of this information could be linked to individuals in the United States and 25 other countries, including Germany, France, China, and Brazil. Sensitive personal data like this can be used by attackers to launch targeted phishing attacks and/or steal identities.
If you have an app from developer Codeway installed on your device, you should uninstall it immediately. Also, check all incoming messages or emails for signs of phishing and ignore all such suspicious requests.
How to protect yourself
When installing new apps, you should always check whether they come from a trustworthy source. Although Google checks all apps offered in the Play Store, it can’t guarantee that they’re 100% secure. This is still the responsibility of the developers.
It’s therefore best to check how many apps the provider has previously released and whether they have a trustworthy track record. Don’t be tempted by hype or trends, such as AI-driven apps. Don’t install free apps that have not been sufficiently tested.
Pay attention to the device permissions requested by apps, too. Various seals of approval, such as the “Verified Developer” badge or this symbol for VPN apps indicating that an app has been sufficiently tested.
This article originally appeared on our sister publication PC-WELT and was translated and localized from German.
Author: Laura Pippig, Staff Writer, PC-WELT
Laura is an enthusiastic gamer as well as a movie and TV fan. After studying communication science, she went straight into a job at PCMagazin and Connect Living. Since then, she has been writing about everything to do with PCs and technology topics, and has been a permanent editor at our German sister site PC-WELT since May 2024.
English (US) · 
