A security flaw in Google’s API architecture has exposed hardcoded keys in 22 popular Android apps with over 500 million combined downloads. The vulnerability allows hackers to access private data shared with the Gemini AI chatbot and make unauthorised API calls. Affected apps include Google Pay for Business and OYO Hotel.