A flaw in Google’s API key system has reportedly exposed mobile applications to unintended access to its Gemini AI platform.
According to a CloudSEK advisory published on April 8, the issue affects widely used Android apps and could allow attackers to access sensitive data, generate unexpected costs and disrupt services.
The vulnerability centers on Google’s long-standing API key format, originally designed for public-facing services such as Maps and Firebase.
CloudSEK found that when the Gemini API is enabled in a Google Cloud project, existing keys automatically gain access to AI endpoints without notification or user consent.
Silent Shift Creates Widespread Risk
This behavior marks a departure from earlier guidance, which stated that such keys were safe to embed in client-side code. Developers who followed those recommendations may now be unknowingly exposing credentials linked to advanced AI systems.
CloudSEK reportedly analyzed 10,000 Android apps using its BeVigil platform, identifying 32 active keys across 22 applications. These apps collectively account for more than 500 million installs.
In one confirmed case, researchers accessed user-uploaded audio files from an English-learning app via the Gemini Files API. The data included file metadata, timestamps and accessible links, indicating that private content could be retrieved using exposed keys.
“This is a structural flaw,” CloudSEK wrote. “Google merged the concept of ‘public keys’ with server-side AI secrets, and enabling Gemini should have triggered a mandatory key restriction or forced the creation of a new, scoped key.”
Read more on AI security vulnerabilities: Security Researchers Sound the Alarm on Vulnerabilities in AI-Generated Code
Financial and Security Implications
The risks linked to the vulnerability include:
-
Access to private files stored in Gemini
-
Unauthorized API usage leading to financial losses
-
Service disruption through quota exhaustion
The mobile ecosystem amplifies the threat, CloudSEK explained, as app packages can be easily downloaded and analyzed to extract embedded keys. Many of these keys persist across multiple versions, increasing long-term exposure.
Real-world incidents highlight the potential impact. One developer reported $15,400 in charges within hours of a compromised key being exploited. Another organization faced losses of $128,000, despite implementing security controls.
Researchers recommend that developers audit their cloud projects, rotate exposed keys and restrict API access to only the services required.
Infosecurity has reached out to Google for comment on these findings, but has not received a response at the time of publication.
Image credit: Nwz / Shutterstock.com
