App Inventor Cybersecurity

I've bever used App Inventor and am considering using it for a research project. Have there been instances of hackers accessing phones using the apps that are made through App Inventor? Do you think this is possible?

  1. no (from me)
  2. it's possible

It might be possible, because hackers might access the database of user passwords.

I use the extension BaseLoaded by @TIMAI2 to decode and encode passwords + Obfuscated text. This is an example.

This is much, much more secure than the normal text block without encoding.

1 Like

It is really just easy to write a code in Java, compile to the app and run it, making it far easier to make a virus.


Or, developers might write malicious extensions and put them in their apps.

Anything might be possible in the world.

1 Like

yes, hackers might hack it. But they rely more on Android Studio as most big tech companies only use Android Studio

So there is a 5 / 1000 chance your app might get hacked

1 Like

Hello Christine

It's very unlikely that there would be a security risk with an App written by yourself, especially if you do not use extensions. Even with extensions it should be fine, to date there has not been any reports of a malicious extension.

Can a hacker write a malicious App with App Inventor? Yes.


I found the App Inventor terms of service and it listed these activities as prohibited with App Inventor.

  • Viruses, trojan horses, worms, time bombs, corrupted files, malware, spyware, or any other similar software that may damage the operation of another’s computer or property
  • Using the Site in any manner intended to damage, disable, overburden, or impair any MIT server, or the network(s) connected to any MIT server, or interfere with any other party’s use and enjoyment of the Site.
  • Attempting to gain unauthorized access to the Site, other accounts, computer systems or networks connected to any MIT server through hacking, password mining or any other means.
  • Obtaining or attempting to obtain any materials or information stored on the Site, its servers, or associated computers through any means not intentionally made available through the Site.
  • ...

So, if a hacker makes malicious apps with App Inventor, he/she is violating the TOS of App Inventor.

1 Like

Certainly that's true, but if the Hacker doesn't care about other people...

1 Like

Not really true...
As the app popularity increases you are in the radar of hackers and they dont even see where the app is made :frowning_face:

1 Like

Yeah unfortunately :frowning: ...

I hope MIT takes charge of this soon...

Actually hackers can do anything they want
Some days ago i got a video in YouTube where it was taught that how You can inject an virus to an apk which is a kind of other source and make it harmful for its users by accessing the location, camera, mic, etc.
So stopping hackers is not possible but yes we can AppInventor can make the application more secure


Exactly. This is why apps uploaded into the MIT App Inventor Gallery must not contain extensions. We are not allowed to upload direct download links of APKs in the community because the APK might have a virus.

1 Like

If I look AI2 app with the view of Sandbox Model that its is hard to penetrate the security wall provided to app. We need to set/ask for permission what application can access or what user like app to be allowed.

1 Like

...and a Hacker can replace it with something malicious

1 Like

Yes sir that only i wa saying
Means hackers can do everything they want

1 Like

Christine, bear in mind that issues with hackers and malware are universal, not in anyway limited to App Inventor Apps. You might be being a tad over cautious.

I have been following AI2 board posts since the AI1 days, and have yet to see a complaint that an AI2 app has been hacked.

I have seen reports of anti-virus apps blocking AI2 apps because of their ease of creation by app spammers.

I have also seen many opportunities for misconfiguration of the databases (Firebase, CloudDB, Google Sheets, TinyWebDB) that AI2 can access. But that goes with slap dash educational app development.