CloudSEK Logo
February 10, 2023

BeVigil Exposes Mobile App Danger: Over 4 Million Users Globally at Risk from Hardcoded Shopify Tokens

CloudSEK’s BeVigil, the world’s first security search engine for mobile apps, uncovered a critical security flaw in the mobile app industry. From the millions of Android apps indexed on BeVigil, 21 apps were identified to have 22 hardcoded Shopify API keys/tokens, exposing personally identifiable information (PII) to potential threats. These apps put close to 4 million users worldwide at risk, with shopping being the most affected category.

Author: Bablu Kumar 

Co-authors: Vishal Singh, Arshit Jain and Mayank Pandey

Authors & Contributors

Bablu Kumar
Bablu is a technology writer and an analyst with a strong focus on all things cybersecurity
Vishal Singh
As a Vulnerability Research Engineer at CloudSEK, Vishal conducts penetration tests on client-side assets and reports discovered vulnerabilities.
Arshit Jain
Collecting data for world's first security search engine bevigil.com | Web Scraping | Data Mining |
Mayank Pandey
Downloadable Report

Download the Report

Download the report by clicking below.
The Download will start immediately.
Download Now
Schedule a Demo

Join our newsletter

Sign up so that you don't miss any updates from us

BeVigil Exposes Mobile App Danger: Over 4 Million Users Globally at Risk from Hardcoded Shopify Tokens

CloudSEK’s BeVigil, the world’s first security search engine for mobile apps, uncovered a critical security flaw in the mobile app industry.

Download ReportSchedule a demo

CloudSEK’s BeVigil, the world’s first security search engine for mobile apps, uncovered a critical security flaw in the mobile app industry. From the millions of Android apps indexed on BeVigil, 21 apps were identified to have 22 hardcoded Shopify API keys/tokens, exposing personally identifiable information (PII) to potential threats. These apps put close to 4 million users worldwide at risk, with shopping being the most affected category.

Author: Bablu Kumar 

Co-authors: Vishal Singh, Arshit Jain and Mayank Pandey