    Google API Keys in Android Apps Expose Gemini Endpoints to Unauthorized Access

By admin, April 10, 2026

    Threat actors can extract Google API keys embedded in Android applications to gain access to Gemini AI endpoints and compromise data, CloudSEK warns.

    For over a decade, Google has said that API keys for public services such as Maps are not secrets, but recent research from Truffle Security showed that these keys can be used to authenticate to the Gemini AI assistant, potentially exposing personal data.

    “We scanned millions of websites and found nearly 3,000 Google API keys that now also authenticate to Gemini even though they were never intended for it. With a valid key, an attacker can access uploaded files, cached data, and charge LLM-usage to your account,” Truffle said in February.

    Further research from mobile security firm Quokka (formerly known as Kryptowire) led to the discovery of over 35,000 unique keys across 250,000 Android applications.

    “Because Android applications can be easily unpacked and inspected, extracting these keys requires minimal technical skill, and automated scraping at scale is entirely feasible. What used to be low-risk visibility has quietly turned into a meaningful attack surface,” Quokka said.

Now, CloudSEK says it discovered that 32 Google API keys hardcoded in 22 popular Android apps provide unauthorized access to Gemini AI, potentially exposing sensitive data to attackers. The applications have a combined user base of over 500 million.

    The exposure is to the developer’s Gemini resources and any data stored there. However, if the app processes and uploads real user data, those users’ submitted content can indirectly leak.

    The Google API keys, all using the ‘AIza…’ format, can be abused for retroactive privilege escalation: a key that a developer creates and embeds in their application provides access to all Gemini endpoints when the AI is enabled on the project.

    This happens automatically, without the developer’s knowledge, and provides anyone able to extract the key from a decompiled application with a live Gemini credential, CloudSEK notes.

    Armed with the key, an attacker could access private files and cached content, make arbitrary Gemini API calls, exhaust API quotas and disrupt legitimate services, and access any data on Gemini’s file storage, including documents, images, and other sensitive information.

    The presence of hardcoded Google API keys in applications significantly increases the attack surface, as the packages are public by design and the keys persist across version increments. What’s more, the keys are embedded based on Google’s own documentation recommendations, and not by error.
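Because the keys are embedded deliberately and persist across releases, the practical defensive check is to scan the build output (or an apktool/decompiled tree of your own app) for the 'AIza…' pattern before it ships, and to treat every hit as a credential whose Gemini access must be reviewed or restricted. The following scanner is an added example written for this article, not code from CloudSEK, Quokka or Truffle Security. It assumes the widely documented public shape of these keys (a fixed `AIza` prefix followed by 35 URL-safe base64 characters, 39 characters in total); the file contents it scans are constructed samples, and the key strings in them are made up for the demonstration. Findings are redacted and fingerprinted so a report can show where a key lives and correlate the same key across files without reprinting the secret.

```python
import hashlib
import re
from pathlib import Path
from typing import Dict, Iterable, List, NamedTuple

# Assumption for this example: Google API keys in the 'AIza...' format named in
# the article are 39 characters, the fixed 'AIza' prefix plus 35 URL-safe
# base64 characters. The lookarounds stop a longer token from matching.
GOOGLE_API_KEY_RE = re.compile(
    r"(?<![0-9A-Za-z_-])AIza[0-9A-Za-z_-]{35}(?![0-9A-Za-z_-])"
)


class Finding(NamedTuple):
    path: str          # file the key was found in
    line_no: int       # 1-based line number within that file
    redacted: str      # prefix and last four characters only, safe for a report
    fingerprint: str   # short hash so one key can be correlated across files


def redact(key: str) -> str:
    """Keep the prefix and last four characters; mask everything in between."""
    return key[:4] + "*" * (len(key) - 8) + key[-4:]


def fingerprint(key: str) -> str:
    """Stable, non-reversible identifier for a key (first 12 hex chars of SHA-256)."""
    return hashlib.sha256(key.encode()).hexdigest()[:12]


def scan_text(path: str, text: str) -> List[Finding]:
    """Scan one file's text for AIza-format keys, reporting each occurrence."""
    found: List[Finding] = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for match in GOOGLE_API_KEY_RE.finditer(line):
            key = match.group(0)
            found.append(Finding(path, line_no, redact(key), fingerprint(key)))
    return found


def scan_files(files: Dict[str, str]) -> List[Finding]:
    """Scan an in-memory {path: contents} map (used for the constructed samples)."""
    findings: List[Finding] = []
    for path, text in files.items():
        findings.extend(scan_text(path, text))
    return findings


def scan_directory(root: str) -> List[Finding]:
    """Scan an unpacked app tree on disk, e.g. apktool output of your own build."""
    findings: List[Finding] = []
    for p in Path(root).rglob("*"):
        if p.is_file():
            # Binary files are read leniently; a key is plain ASCII so it survives.
            findings.extend(scan_text(str(p), p.read_text(encoding="utf-8", errors="ignore")))
    return findings


def unique_key_count(findings: Iterable[Finding]) -> int:
    """Number of distinct keys, regardless of how many files repeat each one."""
    return len({f.fingerprint for f in findings})


def report(findings: Iterable[Finding]) -> str:
    """Human-readable report that never contains a full key."""
    return "\n".join(
        f"{f.path}:{f.line_no}: {f.redacted} (key id {f.fingerprint})" for f in findings
    )


# Constructed sample app tree: two made-up keys, one of them embedded twice
# (strings.xml and a compiled constant), plus two decoys that must not match.
SAMPLE_KEY_A = "AIzaSyA1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6q"  # constructed, not a real key
SAMPLE_KEY_B = "AIzaSyB0123456789abcdefghijklmnopqrstuv"  # constructed, not a real key
SAMPLE_FILES: Dict[str, str] = {
    "res/values/strings.xml": f'<string name="google_api_key">{SAMPLE_KEY_A}</string>\n',
    "smali/com/example/BuildConfig.smali":
        f'.field public static final API_KEY:Ljava/lang/String; = "{SAMPLE_KEY_A}"\n',
    "assets/config.json": '{"maps": "' + SAMPLE_KEY_B + '", "decoy": "AIzaTooShort"}\n',
    "res/values/colors.xml": '<color name="primary">#AIza00</color>\n',
}


if __name__ == "__main__":
    import sys
    # With a path argument, scan a real unpacked tree; otherwise run on the samples.
    results = scan_directory(sys.argv[1]) if len(sys.argv) > 1 else scan_files(SAMPLE_FILES)
    print(report(results))
    print(f"{len(results)} occurrence(s), {unique_key_count(results)} distinct key(s)")
```

On the constructed samples the scanner reports three occurrences but two distinct keys, which is the distinction that matters when deciding how many credentials actually need their Gemini access reviewed: the same key repeated in resources and compiled code is one credential, not two. Run against a real unpacked build in CI, a non-empty result is a release blocker until the key's project has AI access disabled or the key is restricted.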

    “The proliferation of Google API keys in mobile app packages is a well-documented phenomenon in the mobile security research community. What is new – and what makes this finding particularly urgent – is that a class of keys previously considered harmless public identifiers has been silently elevated to sensitive AI credentials,” CloudSEK notes.
