If The Cat Game Can Leak Your Data, Any App Can – Here’s How to Protect Yourself
Think your iPhone apps are keeping your data safe? Think again. Our investigation into iOS app data leaks revealed a startling truth: even the most innocent-looking apps could be exposing your personal information without your knowledge. When we examined “Cats Tower: The Cat Game!” – a seemingly harmless iOS app with half a million users – we discovered it was silently transmitting user IP addresses, Facebook tokens, and sensitive backend credentials to potential bad actors.
This isn't an isolated incident. After analyzing over 156,000 iOS apps (roughly 8% of the App Store), we found that a shocking 71% leak at least one hardcoded secret. That cute game, that handy utility, or that productivity app you rely on daily might be compromising your privacy right now. While many users believe Apple's ecosystem provides bulletproof security, the reality is far more concerning – and it's time you took matters into your own hands.
Fortunately, you don't need to be a cybersecurity expert to protect yourself. With a few simple steps, you can significantly reduce your risk of falling victim to iOS app data leaks. From managing app permissions to creating stronger passwords, the power to safeguard your digital life starts with understanding the threat and taking action today.
By Aras Nazarovas
If you thought downloading a cute cat game was harmless, think again. We at Cybernews have cracked open the code of “Cats Tower: The Cat Game!” – an iOS app with half a million users – and found it purring out plenty of secrets: user IP addresses, Facebook tokens, and locations and credentials for the app’s backend systems.
This is a symptom of a much bigger problem hiding in plain sight on your iPhone – and it’s happening at a scale that should make every user pause before tapping “Install.”
The Cat’s Out of the Bag
Let’s break it down: we went spelunking through the guts of 156,000 iOS apps – about 8% of everything on the App Store. What we found is the stuff of digital nightmares: 71% of those apps were leaking at least one hardcoded secret. We’re talking API keys, cloud credentials, and other sensitive endpoints.
Many people believe iOS apps are more secure. But our research shows developers often leave keys to the kingdom in plain sight. It’s like locking your front door but taping the key to the window. Wouldn’t this make you anxious?
In the case of the cat game, that meant 450,000 users’ IP addresses and ~250 Facebook access tokens were up for grabs. With that kind of data, a savvy bad actor could track you, hijack your social media, or even spin up fake requests to the app’s backend – weaponizing the app against its own users.
How to Keep Your Data Out of the Litter Box
So you’re one of the 1.38 billion active iPhone users in the world, and you love your apps – maybe even that cat game that’s spilling half a million users’ secrets across the internet. Here’s the truth: your data is only as safe as the laziest developer in your app library. But you don’t have to be a sitting duck.
Start with permissions. Every time you install an app, it asks for access – to your location, your photos, your contacts. Most people just tap “Allow.” Don’t. Head to Settings > Privacy & Security and audit who’s got the keys to your digital house. If a game wants your location, ask yourself why. Spoiler: It likely doesn’t need it.
Update like your privacy depends on it – because it does. Apple pushes out security updates for a reason. Hackers love old software. Go to Settings > General > Software Update and don’t let those red notification dots linger. The same goes for your apps: update early and often.
Lock it down. Still using “123456” or your birthday as a passcode? Time to level up. Use a long, unique passcode and enable Face ID or Touch ID. If someone snatches your phone, you want it to be a brick, not a gold mine.
Don’t trust – verify. That adorable new app? Treat it like a stranger at your door. Check reviews, look up the developer, and think twice before granting permissions. Even the App Store’s walled garden isn’t weed-free.
Clean your digital house. Delete apps you don’t use. Every extra app is another potential leak. Before deleting the app, delete the account you created for the service. If they don’t have your data, they can’t leak it. Less is more.
Stay skeptical. Phishing isn’t just for email. If an app asks you to log in with Facebook or Google, make sure it’s legit. And never, ever tap on sketchy links.
Remember, if iOS apps are leaking secrets, it’s up to users to protect themselves first. Assume your favorite app could have a data breach tomorrow. Act accordingly.
The Bottom Line
The cat game leak is a warning shot. As mobile cyberattacks surge and the App Store’s walled garden shows cracks, it’s clear that mobile security is your problem too, not just Apple’s. So next time you download a new app – even one with adorable kittens – remember that on the internet, curiosity doesn’t just kill the cat. It can put your privacy at risk, too.
ABOUT THE AUTHOR
Aras Nazarovas is an Information Security Researcher at Cybernews, a research-driven online publication. Aras specializes in cybersecurity and threat analysis. He investigates online services, malicious campaigns, and hardware security while compiling data on the most prevalent cybersecurity threats. Aras, along with the Cybernews research team, has uncovered significant online privacy and security issues impacting organizations and platforms such as NASA, Google Play, App Store, and PayPal. The Cybernews research team conducts over 7,000 investigations and publishes more than 600 studies annually, helping consumers and businesses better understand and mitigate data security risks.
Previous Cybernews research:
- Cybernews researchers analyzed 156,080 randomly selected iOS apps – around 8% of the apps present on the App Store – and uncovered a massive oversight: 71% of them expose sensitive data.
- Recently, Bob Dyachenko, a cybersecurity researcher and owner of SecurityDiscovery.com, and the Cybernews security research team discovered an unprotected Elasticsearch index, which contained a wide range of sensitive personal details related to the entire population of Georgia.
- The team analyzed the new Pixel 9 Pro XL smartphone’s web traffic, and found that Google's latest flagship smartphone frequently transmits private user data to the tech giant before any app is installed.
- The team revealed that a massive data leak at MC2 Data, a background check firm, affects one-third of the US population.
- The Cybernews security research team discovered that the 50 most popular Android apps require 11 dangerous permissions on average.
- They revealed that two online PDF makers leaked tens of thousands of user documents, including passports, driving licenses, certificates, and other personal information uploaded by users.
- An analysis by Cybernews research discovered over a million publicly exposed secrets from over 58 thousand websites’ exposed environment (.env) files.
- The team revealed that Australia’s football governing body, Football Australia, has leaked secret keys potentially opening access to 127 buckets of data, including ticket buyers’ personal data and players’ contracts and documents.
- The Cybernews research team, in collaboration with cybersecurity researcher Bob Dyachenko, discovered a massive data leak containing information from numerous past breaches, comprising 12 terabytes of data and spanning over 26 billion records.
- The team analyzed NASA’s website, and discovered an open redirect vulnerability plaguing NASA’s Astrobiology website.
- The team investigated 30,000 Android apps and discovered that over half of them are leaking secrets that could have huge repercussions for both app developers and their customers.