Published: 2020/11/05  Last Updated: 2020/11/05

Information from Studyplus Inc.

Vulnerability ID:JVN#00414047
Title:Studyplus App uses a hard-coded API key for an external service
Status:Vulnerable

This is a statement from the vendor itself with no modification by JPCERT/CC.

In Android, the vulnerability have been fixed in the version 6.3.8 which
was released on October 19th 2020.
Please update to the latest version via the Google Play Store.

In iOS, the vulnerability have been fixed in the version 8.30.0 which was
released on October 27th 2020.
Please update to the latest version via the App Store.

We have not been reported any incidents that exploited the vulnerability
ever.