Many felt underwhelmed by Apple WWDC 2018 announcements on Monday, but a refined iOS 12, along with many other valuable updates, is still pretty interesting. Join us Tuesday, June 12th @ 1 PM CT for an iOS 12 Preview – including top ways NowSecure experts project iOS 12 will affect mobile app security testing.
Your highlights from the mobile app security world this week include:
- NowSecure reaches new milestone for Apple mobile app security testing
- Microsoft buys into developer-first market, acquires Github
- Android’s latest security bulletin is here
- Apple announces iOS to Mac porting capabilities by next year
- Smartphones become target of choice for spies given they hold more valuable personal data than computers
- Android P lets users know when an app wants access to call logs or phone numbers
- And more!
Thanks for reading. Have a great weekend, be good, and stay safe.
Subscribe now to receive #MobSec5 updates each Friday in your inbox.
Introducing Jailed Testing with NowSecure
“The purpose of this post is to explain how automated mobile app security testing on the most recent versions of iOS on Apple standard production devices is now possible, with Jailed Testing, via NowSecure Gadget technology on NowSecure Workstation.”
The ability to conduct dynamic mobile appsec testing on the latest iOS versions, using real devices, is a big step forward in extending the reach of mobile appsec. NowSecure is excited to break down barriers and aid organizations in providing safer mobile apps for end users.
“Android P also introduces a number of features that address enterprise security needs: The ability for IT administrators to require different PINs and timeout rules for the personal and work profiles. Additional policies that can prevent data sharing across work and personal profiles. New APIs that work with keys and certificates to securely identify devices accessing corporate resources.”
“The biggest benefactor of Microsoft’s acquisition of GitHub could be enterprise DevOps. But maybe it’s also time to diversify.”
It’s too early to say what Microsoft’s acquisition of the beloved developer platform, GitHub, will mean to the open source community. However, joining the two tech giants certainly helps propel the DevOps movement forward in a very meaningful way. Side note: It will be interesting to see how Microsoft handles GitHub repositories that undermine Microsoft products, like Xbox emulators…
The future of the Mac comes from iOS apps
“To understand what Apple’s doing, first we need to understand why we’re even having this discussion in the first place. Apple wants to make it easier for mobile developers to get something like their mobile apps on the Mac.”
Since end-user demand for mobile apps is greater than web apps, it makes sense that Apple is creating a pathway for iOS developers to share lightweight, mobile apps with Mac users. As mobile-first continues to dominate digital business strategy, organizations should ensure their mobile app development process includes protections against data leakage or unnecessary vulnerability gaps.
Android Security Bulletin: Everything you need to know!
“Update, June 4: Google has detailed the latest Android Security Bulletin and released June 2018 security updates for the Pixel and Nexus devices.”
“Victims are often tricked into downloading “Trojan horse” software that masquerades as a different program—a videoconferencing or security app, for example. The software is often built by contractors or freelance developers who sell it to government clients.”
“The biggest part of the update is the finalized APIs, which means that you can build an application now targeting API 28, Android P. In Developer Preview 3, a new permission group has been added. This permission group pertains specifically to the Android call log, meaning that when an application wants to read your call log or phone numbers, a prominent, user-facing message will display telling them exactly what kind of access they are granting an app.”
“Amazon said it has pulled CloudPets, a smart toy that researchers said was riddled with security flaws, from its online store. Last week, Walmart and Target stopped selling the toy. Amazon began removing CloudPets on Tuesday morning.”
If you want to receive #MobSec5 updates each Friday in your inbox, subscribe now.