As your work week ends, don’t forget to celebrate Mom! These mobile apps are designed to make her life easier – just make sure to vet 3rd-party apps before she downloads. It only takes a few minutes to keep Mom’s privacy safe.
Now onto your highlights from the mobile application security world this week.
- Malicious apps resurface on Google Play
- Apple pushes back on apps that do not alert end users that their data is being shared
- Google’s next generation virtual assistant is so real, it’s scary
- New feature in iOS 11.4 disables the data connection to the Lightning port after a week
- Google announces .app, a more secure top-level domain (TLD)
- And more!
Thanks for reading. Have a great weekend, be good, and stay safe.
Subscribe now to receive #MobSec5 updates each Friday in your inbox.
“Onstage at I/O 2018, Google showed off a jaw-dropping new capability of Google Assistant: in the not too distant future, it’s going to make phone calls on your behalf.”
To head off ethical concerns, Google has since confirmed Google Duplex will disclose to humans that they are speaking with a bot virtual assistant.
“In order to help the apps slip past Google Play security, the malware is configured to wait four hours before starting the malicious activity. This also helps lure the user into a false sense of security about the app, so even if they notice the device acting suspiciously, they might not attribute this to the recently installed application.”
“Apple’s crackdown on these applications comes amid a growing industry shift due to General Data Protection Regulation, or GDPR, in the European Union. While Apple has always been a privacy-focused company, it is seemingly looking to ensure that developers take the same care of user data.”
Developers can save time and pass App Store Review Guidelines 5.1.1 and 5.1.2 by integrating automated security checks, including 3rd-party library reviews, into their build cycle.
Best Practices for Enabling ProGuard
“If possible, start using ProGuard from day 1 of a new project. I’ve gone through the experience of enabling ProGuard on a project that’s been worked on for years without it, and it’s more difficult.”
NowSecure recommends that every Android developer use ProGuard in their build process, as it helps prevent an attacker from deciphering the Java code logic of the app. ProGuard is a free tool included in Android Studio.
“The functionality of USB Restricted Mode is actually very simple. Once the iPhone or iPad is updated to the latest version of iOS supporting the feature, the device will disable the USB data connection over the Lightning port one week after the device has been last unlocked.”
Buffett warns of 2% chance of major cyber disaster
“After all, the world runs on software, and software is written by humans who are just as flawed as you and me. No matter how much they try, they’ll still end up accidentally inserting some kind of error into their code that can be exploited. That’s just how the system works.”
Introducing .app, a more secure home for apps on the web
“Today we’re announcing .app, the newest top-level domain (TLD) from Google Registry, created specifically for apps and app developers.”
“Currently, apps on Android can gain full access to the network activity on your device—even without asking for any sensitive permissions.”