AI programming issues! The convenience store near-expiry product app "Food Hunter" has a major security problem, exposing home GPS data.

Recently, an AI-generated app known as “Food Hunter,” which claims to integrate a map of near-expiration products from convenience stores in Taiwan, has sparked concerns over user GPS data leakage. Elsewhere, Amazon has suffered a significant outage and the DeFi protocol Moonwell has taken on $1.78 million in bad debt in incidents linked to reliance on AI for programming, highlighting the absolute necessity of human engineers for oversight.

The Food Hunter app integrates near-expiration products from convenience stores, raising questions about API authorization

A person claiming to focus on AI product development and personal IP growth recently announced the launch of the “Food Hunter” app on the Threads platform, promoting its ability to integrate maps of near-expiration products from 7-11 and FamilyMart. Its main features include real-time stock queries and keyword restock notifications.

The developer pointed out that the Food Hunter app was entirely developed with AI assistance, taking about 2 weeks. Although it offers free downloads with basic features, it also launched a paid plan to remove ads and provide advanced features, including a limited-time annual plan priced at NT$190.

This post has attracted 12,000 views on Threads but has also raised questions from multiple users regarding the legitimacy of its API authorization.

Some users questioned whether the Food Hunter app had obtained official API authorization and warned that if the data is scraped without authorization, the convenience store chains can simply change their token settings, causing the app’s functionality to cease.

Other users analyzed the issue from a business competition perspective, stating that in recent years Taiwan’s convenience stores have treated app membership numbers as a key performance indicator. The chains integrate near-expiration product inventory data into their own systems to boost membership numbers and usage rates. If a third-party app siphons off that traffic and conflicts with official interests, it is highly likely to face suppression from the chains.

Some users have already sent the related information to the two chains, but as of the morning of March 27, when this article was written, 7-11 and FamilyMart had not publicly commented on the Food Hunter app.

Engineer reveals security issues with Food Hunter app, home GPS coordinates exposed

In addition to the API authorization controversy, there are also cybersecurity concerns behind the Food Hunter app.

Yi-Jyun Pan, an engineer from Zeabur.app, recently posted warnings urging the public to suspend use of the Food Hunter app.

He pointed out that as long as you use this app and share your location, your precise home GPS coordinates will be written into the database and then unfortunately exposed on the public internet.

Although the developer has made some fixes based on recommendations, after a re-audit, Yi-Jyun Pan found that the developer only fixed half of the issues, and the security risks remain.

Yi-Jyun Pan noted that since this is an AI-generated product, the system protection is extremely inadequate. Users who are concerned about security should take the proper steps before removing the Food Hunter app: first delete all keyword tracking and store visit records, to ensure that the corresponding coordinate information is also cleared, and then uninstall the app.

Yi-Jyun Pan also provided three pieces of advice to developers. First, the app is a frontend, not a backend; if protection relies solely on the frontend, that is not protection. Second, the privacy policy must be detailed. Third, developers must not blindly trust AI methods; business logic still requires human review.

AI programming becomes a double-edged sword, Amazon and Moonwell pay a heavy price

Disasters arising from over-reliance on AI for programming and a lack of review are often reported, and even large companies are not immune.

Recently, Business Insider reported that Amazon’s e-commerce website experienced a severe system outage in March 2026, with internal investigations attributing “part of the reason” to Amazon’s AI code assistant: Amazon Q Developer.

Dave Treadwell, Senior Vice President of Amazon’s e-commerce services, noted in internal documents that the frequency of incidents has been on the rise since the third quarter of 2025. Among them, an anomaly on March 2 caused delivery times to display incorrectly, resulting in approximately 120,000 lost orders and 1.6 million website errors.

In response, Amazon announced a 90-day security reset, requiring engineers to obtain dual review before modifying code.

The decentralized finance (DeFi) sector in blockchain also faces similar challenges. The well-known lending protocol Moonwell experienced an oracle configuration error in February, leading to a sharp decline in token prices, triggering liquidation bots and causing $1.78 million in bad debt.

Blockchain security auditor Pashov found that the code causing the vulnerability was completed in collaboration with the AI model Claude Opus 4.6.

As AI programming tools like Claude Code and Codex become increasingly popular, their convenience also presents a double-edged sword.

The above cases illustrate that while generative AI can accelerate development, its intuitive generation model lacks rigorous logical inference, and without human oversight it may bring irreparable losses to businesses and users.
