As revelations about how much private user data mobile apps share continue to dominate headlines, any organization that develops mobile apps should review its existing mobile app security program to ensure it properly safeguards customer data.
With that in mind, consult this brief checklist our experts recommend for building or expanding a mobile appsec testing program.
Your highlights from this week are as follows:
- Major T-Mobile breach compromised personal data of 2 million customers
- Rumors about new iPhone features and prices continue to leak
- App store commission backlash threatens Apple and Google revenue
- 23andMe halts developer access to raw genetic information
- Amidst audit, Facebook bans one app and suspends 400 others
- Google slapped with a lawsuit over location history tracking
- Malicious app maker capitalized on hype around cryptocurrency
- iOS 12 security enhancements to include stronger password management and two-factor authentication
Subscribe now to receive #MobSec5 updates each Friday in your inbox.
“In a brief intrusion, hackers stole ‘some’ customer data including names, email addresses, account numbers, and other billing information. The good news is that they did not get credit card numbers, social security numbers, or passwords, according to the company.”
“This year, there have been a ton of rumors that indicate Apple will announce not one, not two, but three new iPhones: One with a larger screen, one that’s more affordable and one with three rear cameras like the Huawei P20 Pro.”
While future devices generate excitement, there is a huge installed base of existing iPhones running risky mobile apps. NowSecure offers automated appsec testing on factory-standard (non-jailbroken) devices to provide in-depth static, dynamic and behavioral analysis.
“At the moment it appears the only apps to be banned as a direct consequence of Facebook’s probe are myPersonality and This Is Your Digital Life. It’s understandable that Facebook wouldn’t want to drag innocent developers’ names through the mud until they’ve fully investigated.”
“A backlash against the app stores of Apple Inc. and Google is gaining steam, with a growing number of companies saying the tech giants are collecting too high a tax for connecting consumers to developers’ wares.”
In defending their revenue stream, Apple and Google emphasize their ability to filter out fake apps and malicious software. The risk of bypassing that filtering was illustrated recently when the maker of the popular video game Fortnite chose to distribute its Android version outside Google Play, and attackers took advantage of that decision, putting users at risk.
“23andMe hasn’t said if the move is designed to retain control over its data or in response to concerns about user privacy. The company had plans several years ago to launch an app store, according to two people familiar with the matter, but opted not to move forward with the project because of challenges with vetting third-party developers.”
“The lawsuit was filed on Friday, the day Google updated its help page to clarify that with Location History off it still stores some location data in other services such as Google Search and Maps.”
“There is an illegitimate ‘Ethereum’ app that claims to sell you one Ether (the cryptocurrency derived from the Ethereum blockchain). Except it’s a scam – users are being tricked into buying a picture of its logo.”
The security changes you can expect in iOS 12
“Many of the updates in iOS 12 seem to indicate that Apple wants to make it easier for everyone to manage their passwords, even if they don’t want to exclusively use Apple products. Of course, their preference is that iOS users stick with Safari, so the bulk of these updates will only work when it is being used as the web browser.”
If you want to receive #MobSec5 updates each Friday in your inbox, subscribe now.