Preventing Living Off the Land Attacks on iOS and Android Apps
Alan Bavosa
by AlanB
11M ago
Preventing Living Off The Land Attacks on Android & iOS Apps
For brands that rely on Android and iOS apps as a key part of their business (which is most brands today), protecting the information stored in or used by mobile apps is critical to protecting your intellectual property and ensuring a secure mobile experience for your users. For many organizations, mobile apps these days are the lifeblood of the business. Mobile apps contain a wide variety of valuable information that can be harvested or stolen, ranging from the user’s personally identifiable information (PII), financial inf…
How to Prevent Malicious Use of Parallel Space and Virtual Space apps?
Alan Bavosa
by AlanB
1y ago
Parallel Space is a popular virtualization app that allows mobile users to make clones of Android apps and create multiple accounts for the same app that can run on the same physical “device”. It works by creating a separate container (an isolated environment where you can run other apps inside the container on the same virtualized environment). I use quotes around the word device because Parallel Space (and any of the apps like it) can run on many different platforms, not just Android. It runs on Android, Mac, Windows as well as emulators like BlueStacks and Nox, which makes it a very flexib…
What “Shift Left” security really means for SDK Vendors
Alan Bavosa
by AlanB
2y ago
What “Shift Left” security really means for SDK Vendors
Shift left your application security. Just press the pause button on your continuous delivery pipeline and ask your developers to download our poorly documented SDK…err…actually email our devrel team for the sdk cuz we don’t publish our sdk to the public. It’s kinda top secret. (Plus bill hasn’t finished writing the sdk yet..he’s almost done with the swift version …the objective C version comes out next quarter. We have android fully covered tho if your app is written 100% in Java and you don’t need all the features on day 1. We…
How to Secure Crypto Wallets and other eWallet Apps
Alan Bavosa
by AlanB
2y ago
In this blog post, I’ll discuss the security implications of crypto wallets and offer some tips to mobile developers on how to secure…
What is a Mobile SDK Anyway?
Alan Bavosa
by AlanB
2y ago
This is a multi-part blog series on mobile SDKs. I’ll describe mobile SDKs from a comprehensive standpoint and answer all the burning…
Reversing Mobile Apps: The Silent Threat of Static Analysis Blog
Alan Bavosa
by AlanB
2y ago
This is a multi-part blog series about Reverse Engineering, a fundamental building block in every hacker’s tool-chain for compromising…
This blog post is a continuation of my previous blog on how malware adapts itself and evolves based…
Alan Bavosa
by AlanB
2y ago
What is StrandHogg…
Most Mobile Apps Can Be Hacked In 15 Minutes or Less
Alan Bavosa
by AlanB
2y ago
The state of mobile app security is weak AF; a large majority of Android and iOS apps lack even the most basic security protections and…
Why Hackers (and Pen Testers) Jailbreak iOS
Alan Bavosa
by AlanB
2y ago
And why no mobile app is safe on a Jailbroken iPhone
What is Jailbreaking iOS — ie: What does it mean to Jailbreak an iPhone?
Jailbreaking is the process of unlocking the iOS operating system on an Apple mobile device. Jailbreaking is a form of administrative privilege escalation, which bypasses Apple’s restrictions, resulting in full administrative control over the OS (the highest level of administrative privilege possible). Jailbreaking is often accomplished by exploiting bugs in Apple’s software/firmware or modifying system kernels to allow read and write access to the file system. Jai…
Prevent Mobile Phishing Without Coding
Alan Bavosa
by AlanB
2y ago
How to use SSL Certificate Validation & Certificate Pinning to Prevent Phishing
What is Mobile Phishing?
Mobile Phishing is a cybercrime in which an attacker impersonates a legitimate/trusted institution and uses social engineering techniques to trick mobile users into doing what the hacker wants. The goal of phishing is usually either to trick mobile users into providing sensitive information (e.g. PII, username/password, SS #, banking details, credit card info, etc) or to download/install malware (for example using a fake app, or clone, or malware embedded inside a legitimate app…
