
282 iOS Apps Expose LLM API Keys in Plaintext Traffic, Revealing Systemic Client-Side Deployment Failures
Systemic client-side API key embedding in iOS AI apps enables low-effort credential theft and LLMjacking (unauthorized use of a victim's LLM credentials, with the provider bill landing on the victim). Only 28 percent of notified developers fixed their leaks within three months, a pattern consistent with rushed deployment over secure architecture. Evidence from the Wake Forest, LM-Scout and Leaky Apps audits shows this is an industry-wide habit, not a set of isolated mistakes.
The study documented three leak classes: 54 apps sent the raw provider key in cleartext requests, 92 routed traffic through backend relays that required no client authentication, and 136 relied on long-lived tokens that were still accepted weeks after they should have expired. One app set a token expiration in the year 2125. Health apps showed the highest per-category rate while finance and medical apps showed none, indicating uneven security maturity across categories. Three months after notification, only 28 percent of developers had revoked the exposed credentials.
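The three leak classes above are mechanical enough to detect from a traffic capture alone. The following is an added example written for this page, not the Wake Forest study's own tooling: it classifies captured request records into the same three classes. The provider key regexes approximate publicly documented prefixes (OpenAI "sk-", Anthropic "sk-ant-", Google "AIza"), the request records are constructed samples, and the 24-hour lifetime threshold and every host name are assumptions. JWTs are decoded without signature verification because the goal is only to read the expiry claim, not to trust the token.

```python
"""Classify captured app requests into the three leak classes described above.

Illustrative code, not from the study. Key patterns approximate documented
provider prefixes; hosts, thresholds and sample records are assumptions.
"""
import base64
import calendar
import json
import re

# Provider key shapes (assumed approximations of documented prefixes).
# Anthropic is checked first because "sk-ant-" also begins with "sk-".
KEY_PATTERNS = {
    "anthropic": re.compile(r"\bsk-ant-[A-Za-z0-9_-]{20,}"),
    "openai": re.compile(r"\bsk-(?!ant-)[A-Za-z0-9_-]{20,}"),
    "google": re.compile(r"\bAIza[0-9A-Za-z_-]{35}\b"),
}
PROVIDER_HOSTS = {"api.openai.com", "api.anthropic.com", "generativelanguage.googleapis.com"}
MAX_TOKEN_LIFETIME = 24 * 3600   # assumed sane upper bound for a client session token


def parse_jwt_payload(token):
    """Decode a JWT payload WITHOUT verifying it; we only want to read the claims."""
    parts = token.split(".")
    if len(parts) != 3:
        return None
    try:
        padded = parts[1] + "=" * (-len(parts[1]) % 4)
        return json.loads(base64.urlsafe_b64decode(padded))
    except (ValueError, UnicodeDecodeError):
        return None


def classify_request(req, now):
    """Return the list of (leak_class, detail) tuples a single captured request exhibits."""
    findings = []
    auth = req["headers"].get("Authorization", "")
    bearer = auth[len("Bearer "):] if auth.startswith("Bearer ") else ""
    claims = parse_jwt_payload(bearer) if bearer else None

    # Class 1: a provider key visible in any header value or the body.
    # A JWT in the Authorization header is inspected as a token below instead.
    haystack = [v for k, v in req["headers"].items() if not (k == "Authorization" and claims)]
    haystack.append(req.get("body", ""))
    for provider, pattern in KEY_PATTERNS.items():
        if any(pattern.search(text) for text in haystack):
            findings.append(("cleartext_key", provider))

    # Class 2: an LLM-shaped request to a non-provider host with no client credential at all.
    body = req.get("body", "")
    llm_shaped = '"messages"' in body or '"prompt"' in body
    has_credential = any(h in req["headers"] for h in ("Authorization", "X-API-Key", "Cookie"))
    if req["host"] not in PROVIDER_HOSTS and llm_shaped and not has_credential:
        findings.append(("unauthenticated_relay", req["host"]))

    # Class 3: a bearer token that never expires or expires far beyond a sane lifetime.
    if claims is not None:
        exp = claims.get("exp")
        if exp is None or exp - now > MAX_TOKEN_LIFETIME:
            years = None if exp is None else round((exp - now) / (365.25 * 86400), 1)
            findings.append(("long_lived_token", years))
    return findings


def classify_traffic(requests, now):
    """Map app name -> findings for a list of captured request records."""
    return {req["app"]: classify_request(req, now) for req in requests}


# ---- Constructed sample capture (not real apps, hosts or keys) ----
def _unsigned_jwt(payload):
    """Build an alg=none JWT for the constructed samples."""
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f'{enc({"alg": "none", "typ": "JWT"})}.{enc(payload)}.'


NOW = calendar.timegm((2026, 6, 1, 0, 0, 0))          # fixed "capture time" for reproducibility
YEAR_2125 = calendar.timegm((2125, 1, 1, 0, 0, 0))    # the study's most extreme expiry
SAMPLE_REQUESTS = [
    {"app": "NoteSummarizer", "host": "api.openai.com",
     "headers": {"Authorization": "Bearer sk-EXAMPLE" + "0" * 40},
     "body": '{"model": "x", "messages": [{"role": "user", "content": "hi"}]}'},
    {"app": "Translator", "host": "generativelanguage.googleapis.com",
     "headers": {"Content-Type": "application/json"},
     "body": '{"key": "AIzaEXAMPLE' + "0" * 28 + '", "prompt": "hello"}'},
    {"app": "ChatBuddy", "host": "relay.chatbuddy.example",
     "headers": {"Content-Type": "application/json"},
     "body": '{"messages": [{"role": "user", "content": "hi"}]}'},
    {"app": "DreamJournal", "host": "api.dreamjournal.example",
     "headers": {"Authorization": "Bearer " + _unsigned_jwt({"sub": "device-42", "exp": YEAR_2125})},
     "body": '{"messages": []}'},
    {"app": "Tidy", "host": "api.tidy.example",
     "headers": {"Authorization": "Bearer " + _unsigned_jwt({"sub": "device-7", "exp": NOW + 600})},
     "body": '{"messages": []}'},
]


def audit_samples():
    """Run the classifier over the constructed capture."""
    return classify_traffic(SAMPLE_REQUESTS, NOW)


if __name__ == "__main__":
    for app, findings in audit_samples().items():
        print(f"{app:15s} {findings or 'clean'}")
```

Only the "Tidy" record comes back clean: it talks to its own backend with a signed, 10-minute token. The "DreamJournal" token is flagged with roughly 98.6 years of remaining validity, which is the 2125 case from the study.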
Cross-referencing with the 2025 LM-Scout Android audit and the Leaky Apps secret scan reveals the identical pattern: developers embed provider keys to ship features faster rather than stand up authenticated proxies. Sysdig's cost model projects daily charges exceeding $46,000 per compromised key when usage spikes. App Store review processes did not catch these exposures despite visible network behavior.
The financial asymmetry favors attackers. LLMjacking here requires only observing the app's traffic, for example through an interception proxy on a device the attacker controls, not code execution on a victim's device. Apple and providers continue to document client-side keys as acceptable while telemetry shows anomalous device counts per key. Procurement records indicate most affected apps are low-revenue side projects where server infrastructure was deprioritized.
Next steps include mandatory proxy enforcement by providers and automated App Store traffic inspection for known key patterns. Without these controls the exposure surface will scale with every new LLM wrapper app.
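The "authenticated proxy" that the preceding paragraphs say developers skipped, and that the proposed controls would enforce, is not much code. Below is an added example written for this page (not code from the study or from any audited app) that puts the embedded-key pattern beside a minimal hardened relay. Assumptions: the provider is stood in for by an in-process `upstream` callable rather than real HTTP, the relay authenticates clients with an HMAC-signed session token minted after sign-in or device attestation (the attestation step itself is out of scope), the host names, model name and key value are placeholders, and a per-subject request quota is included because a stolen session token should be worth far less than a stolen provider key.

```python
"""Embedded-key client beside an authenticated relay that alone holds the provider key.

Illustrative code for this page. Hosts, key and secret values are constructed
placeholders; the upstream provider call is simulated in-process.
"""
import base64
import hashlib
import hmac
import json

PROVIDER_KEY = "sk-EXAMPLE" + "0" * 38          # placeholder; lives only on the server in reality
SESSION_SECRET = b"constructed-server-side-secret"  # placeholder; from a secret manager in reality
MAX_REQUESTS_PER_WINDOW = 3                     # per-subject quota bounding the cost of a stolen token
SESSION_TTL = 900                               # 15-minute session tokens


def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


# ---- Vulnerable pattern: the app ships the provider key and calls the provider directly.
def client_direct_request(messages):
    """The request an embedded-key app puts on the wire; a capture sees the key verbatim."""
    return {
        "host": "api.openai.com",   # assumed provider host
        "headers": {"Authorization": f"Bearer {PROVIDER_KEY}"},
        "body": json.dumps({"model": "example-model", "messages": messages}),
    }


# ---- Hardened pattern: server mints short-lived tokens; only the relay attaches the key.
def mint_session_token(device_id: str, now: int, ttl: int = SESSION_TTL) -> str:
    """Server side: issue an HMAC-signed, short-lived token after the client authenticated."""
    body = _b64url(json.dumps({"sub": device_id, "exp": now + ttl}).encode())
    sig = hmac.new(SESSION_SECRET, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}.{sig}"


def verify_session_token(token: str, now: int):
    """Return the claims if the signature is valid and the token is unexpired, else None."""
    try:
        body, sig = token.split(".")
    except ValueError:
        return None
    expected = hmac.new(SESSION_SECRET, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(sig, expected):   # constant-time comparison
        return None
    try:
        claims = json.loads(_b64url_decode(body))
    except (ValueError, UnicodeDecodeError):
        return None
    if claims.get("exp", 0) <= now:
        return None
    return claims


class Relay:
    """Authenticated relay: verifies the session token, enforces quota, then forwards."""

    def __init__(self, upstream):
        self.upstream = upstream   # callable(request) -> response; stands in for an HTTP client
        self.usage = {}            # subject -> requests used in the current window

    def handle(self, request, now: int):
        auth = request["headers"].get("Authorization", "")
        claims = verify_session_token(auth.removeprefix("Bearer "), now)
        if claims is None:
            return {"status": 401, "body": "invalid or expired session token"}
        used = self.usage.get(claims["sub"], 0)
        if used >= MAX_REQUESTS_PER_WINDOW:
            return {"status": 429, "body": "quota exceeded"}
        self.usage[claims["sub"]] = used + 1
        upstream_request = {          # the provider key is attached here and nowhere else
            "host": "api.openai.com",
            "headers": {"Authorization": f"Bearer {PROVIDER_KEY}"},
            "body": request["body"],
        }
        return self.upstream(upstream_request)


def client_proxied_request(session_token: str, messages):
    """What the hardened app puts on the wire: a short-lived session token, never the key."""
    return {
        "host": "relay.example.net",   # assumed backend host
        "headers": {"Authorization": f"Bearer {session_token}"},
        "body": json.dumps({"model": "example-model", "messages": messages}),
    }


def fake_upstream(request):
    """Constructed stand-in for the provider: accepts only the real provider key."""
    ok = request["headers"]["Authorization"] == f"Bearer {PROVIDER_KEY}"
    return {"status": 200 if ok else 401, "body": "ok" if ok else "bad key"}
```

With this split, a captured session token is useful for at most fifteen minutes and three requests, while the provider key never leaves the server. Replace `fake_upstream` with a real HTTP call and the quota dictionary with shared storage, and the shape is the same.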
Apple App Review: Fewer than 15 percent of new AI-category submissions will implement server-side proxying by end of 2026.
Sources (3)
- [1] Wake Forest LLMKeyLens iOS Study (https://thehackernews.com/2026/06/282-ios-apps-found-leaking-llm-api-keys.html)
- [2] LM-Scout Android App Audit 2025 (https://arxiv.org/abs/2503.11245)
- [3] Sysdig LLMjacking Cost Analysis (https://sysdig.com/blog/llmjacking-costs/)