Vibe coding vs. security in iOS apps

Just stumbled across this: security lab Covert tested 198 vibe-coded iOS apps and found leaks in 196 of them, exposing millions of files containing names, emails, and complete chat histories.

How they picked these apps isn’t clear, making selection bias likely, but it’s still pretty remarkable (if sadly unsurprising). Some of these apps have hundreds of thousands of reviews on the App Store, so plausibly millions of users.

Interesting case. The App Store is supposed to be the safe platform, but of course, that’s only until the data leaves the device. Same for the IDEs sending data back and forth to model providers. The public registry (i.e. the list of apps to avoid) is here.