{"data":{"id":"7151ee8e-b4a6-4965-aa61-c0f0773336a5","title":"Google API Keys in Android Apps Expose Gemini Endpoints to Unauthorized Access","summary":"Researchers found that Google API keys (credentials that allow apps to access Google services) embedded in Android applications can be extracted from decompiled code (the readable version of compiled software), potentially allowing unauthorized access to Gemini endpoints (the AI service interfaces). This means attackers could use stolen keys to access Google's Gemini AI service without permission.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://www.securityweek.com/google-api-keys-in-android-apps-expose-gemini-endpoints-to-unauthorized-access/","publishedAt":"2026-04-09T12:26:50.000Z","cveId":null,"cweIds":null,"cvssScore":null,"cvssSeverity":null,"severity":"high","attackType":[],"issueType":"news","affectedPackages":null,"affectedVendors":["Google"],"affectedVendorsRaw":["Google","Gemini"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":null,"epssScore":null,"patchAvailable":null,"disclosureDate":"2026-04-09T12:26:50.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"trivial","impactType":["confidentiality","integrity"],"aiComponentTargeted":"api","llmSpecific":true,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}