Description
Describe the bug
During a security analysis/compliance scan of our iOS application's IPA, we detected multiple hardcoded email addresses embedded directly within the GoogleMLKit/TextRecognition framework binary. These strings appear to be internal developer emails, license headers, or regex patterns included in the compiled executable. Their presence triggers false positives in our enterprise Data Loss Prevention (DLP) scans and security audits.
To Reproduce
Steps to reproduce the behavior:
1. Create an iOS project and integrate the GoogleMLKit/TextRecognition pod/package.
2. Archive the project and export the .ipa file (Release build).
3. Open a Terminal and run the strings command on the app binary to filter for emails:
4. Use a shell script for scanning the regex for email
5. See error: The output displays various internal email addresses that are hardcoded into the framework binary.
Expected behavior
The production release of the framework should be stripped of hardcoded email strings. This ensures the binary is "clean" and does not trigger PII/compliance alerts during security reviews.
SDK Info:
SDK Name & Version: GoogleMLKit/TextRecognition [e.g. 4.0.0]
Smartphone:
Development Environment:
IDE Version: Xcode 14.0
Laptop/Desktop: MacBook Pro M2
OR
Open the below file in a text editor and search for email ids here,
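
The scan in the reproduction steps above, written out as an added example (not the reporter's script and not ML Kit code): it lists email-like strings in a binary and drops addresses whose domain is on a reviewed allowlist, which is how a DLP finding of this kind is usually triaged. The function names, the allowlist file format and the sample bytes are assumptions made for this illustration.

```shell
#!/usr/bin/env bash
# Added example: list email-like strings embedded in a compiled binary.
# All names here are illustrative; none come from ML Kit or a DLP product.

EMAIL_RE='[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)*\.[A-Za-z]{2,}'

# scan_emails FILE -> one "count address" line per unique match, lowercased.
scan_emails() {
    # -a treats the binary as text, -o prints only the matched bytes.
    # LC_ALL=C keeps grep byte-oriented so non-UTF-8 bytes cannot break matching.
    LC_ALL=C grep -aoE "$EMAIL_RE" "$1" 2>/dev/null \
        | tr 'A-Z' 'a-z' | sort | uniq -c | sed 's/^ *//'
}

# unreviewed_emails FILE ALLOWLIST -> addresses whose domain is not listed.
# ALLOWLIST holds one exact domain per line; '#' starts a comment.
unreviewed_emails() {
    scan_emails "$1" | awk -v list="$2" '
        BEGIN {
            while ((getline line < list) > 0) {
                sub(/#.*/, "", line); gsub(/[ \t]/, "", line)
                if (line != "") ok[tolower(line)] = 1
            }
        }
        { split($2, part, "@"); if (!(part[2] in ok)) print $2 }'
}

# make_sample PATH -> writes a constructed blob (not a real framework binary)
# with NUL and 0xFF bytes around three placeholder addresses.
make_sample() {
    printf 'MZ\000\001\377Copyright owner@example.com\000\000' >  "$1"
    printf 'regex dev.one@corp.example.org\000'                >> "$1"
    printf 'Owner@Example.com\377\n'                           >> "$1"
}

# Demo on the constructed sample.
demo_dir=$(mktemp -d)
make_sample "$demo_dir/Sample.bin"
printf '# domains already reviewed\nexample.com\n' > "$demo_dir/allow.txt"
echo "All matches:";   scan_emails "$demo_dir/Sample.bin"
echo "Needs review:";  unreviewed_emails "$demo_dir/Sample.bin" "$demo_dir/allow.txt"
rm -rf "$demo_dir"
```
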
