Tarot Card Psychic Reading Android App Exposes AWS Secrets
Background
The Tarot Card Psychic Reading Android app
stores an AWS secret key
on the phone,
exposing
it to theft.
This is a dangerous practice, as explained
here.
Testing Method
I used an Android emulator.
Here's the app I tested:
I found AWS secrets stored
on the phone,
as shown below.
Notification
I sent this email on 9-24-2025:
Posted privately 9-24-2025 by Sam Bowne