{"id":2615,"date":"2026-01-20T23:15:17","date_gmt":"2026-01-21T04:15:17","guid":{"rendered":"https:\/\/ozer.gt\/log\/?p=2615"},"modified":"2026-01-23T09:58:51","modified_gmt":"2026-01-23T14:58:51","slug":"vibe-coding-vs-security-in-ios-apps","status":"publish","type":"post","link":"https:\/\/ozer.gt\/log\/2026\/01\/20\/vibe-coding-vs-security-in-ios-apps\/","title":{"rendered":"Vibe coding vs. security in iOS apps"},"content":{"rendered":"<p>Just stumbled into that security lab Covert tested 198 vibe-coded iOS apps and found leaks in 196 of them, exposing millions of files containing names, emails, and complete chat histories.<\/p>\n<p>How they picked these apps isn&#8217;t clear, making selection bias likely, but it&#8217;s still pretty remarkable (if sadly unsurprising). Some of these apps have hundreds of thousands of reviews on the App Store, so plausibly millions of users.<\/p>\n<p>Interesting case. The App Store is supposed to be the safe platform, but of course, that&#8217;s only until the data leaves the device. Same for the IDEs sending data back and forth to model providers. The public registry (i.e. the list of apps to avoid) is <a href=\"https:\/\/firehound.covertlabs.io\/\">here<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Just stumbled into that security lab Covert tested 198 vibe-coded iOS apps and found leaks in 196 of them, exposing millions of files containing names, emails, and complete chat histories. How they picked these apps isn&#8217;t clear, making selection bias likely, but it&#8217;s still pretty remarkable (if sadly unsurprising). Some of these apps have hundreds [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"cybocfi_hide_featured_image":"","footnotes":""},"categories":[1],"tags":[],"class_list":["post-2615","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/ozer.gt\/log\/wp-json\/wp\/v2\/posts\/2615","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ozer.gt\/log\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ozer.gt\/log\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ozer.gt\/log\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/ozer.gt\/log\/wp-json\/wp\/v2\/comments?post=2615"}],"version-history":[{"count":2,"href":"https:\/\/ozer.gt\/log\/wp-json\/wp\/v2\/posts\/2615\/revisions"}],"predecessor-version":[{"id":2617,"href":"https:\/\/ozer.gt\/log\/wp-json\/wp\/v2\/posts\/2615\/revisions\/2617"}],"wp:attachment":[{"href":"https:\/\/ozer.gt\/log\/wp-json\/wp\/v2\/media?parent=2615"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ozer.gt\/log\/wp-json\/wp\/v2\/categories?post=2615"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ozer.gt\/log\/wp-json\/wp\/v2\/tags?post=2615"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}