IoT Fails: Production App Hit a Staging API and Exposed Debug Tools

jasonwillems.com

2 points by jayw_lead 3 months ago · 1 comment

jayw_lead (OP) 3 months ago

In this post I describe an incident with a Petlibro smart feeder: the production iOS app momentarily showed developer overlays, a request inspector, and terminal UI — all tied to what looks like their private staging API backend.

I dig into what might have gone wrong (misconfiguration, build error, environment switch), what risks it may have posed (exposed endpoints, potential data leaks, no user alerts or invalidations), and broader lessons about the caution we should exercise when granting consumer IoT devices access to our networks, when security is not their concern.
