CloudSEK finds Google API flaw jeopardizing Android Gemini app data

Technology Apr 09, 2026

A new report from CloudSEK has found a major security flaw in Google's API setup, putting sensitive user information at risk in Android apps that use Gemini AI.
Basically, an API key meant to just identify the app can accidentally get access to private data after Gemini is added.

Affected apps total over 500 million installs

Big-name apps like Oyo Hotel and Google Pay for Business are affected, and the 22 affected apps together have more than 500 million installs.
This means millions of users could have their data exposed if the flaw is misused.
Developers are being urged to update and secure their API keys right away, while users should be extra careful using third-party apps that connect with Gemini AI.