As the workweek draws to a close, we are looking forward to heading to San Francisco next week to participate in Jenkins World/DevOps World. Did you know that NowSecure plugs into Cloudbees Jenkins to automate the secure mobile dev pipeline? If you’re attending the conference, please reach out to book a meeting with the NowSecure team or stop by our booth.
Your highlights from the week are as follows:
- Improper use of open source software puts users at risk of data loss
- New Mexico lawsuit highlights mobile app data privacy concerns
- Carriers align to advance initiative to use mobile devices for authentication
- Mobile fraud surged to 150 million attack attempts in 1H2018
- Emergency apps were heavily downloaded prior to Hurricane Florence
Subscribe now to receive #MobSec5 updates each Friday in your inbox.
“A new study examined hundreds of popular Android apps for security vulnerabilities, finding that the improper use of open source software puts organizations and users at risk. That risk includes the loss of key data or compromised privacy, said the American Consumer Institute Center for Citizen Research (ACI), a non-profit consumer education and research organization.”
While the American Consumer Institute Center for Citizen Research study focuses specifically on Android apps, NowSecure has also uncovered worrisome findings in our benchmark testing of 45,000 Android and iOS apps. A full 85% of the apps we reviewed violate at least one of the OWASP Mobile Top 10.
The ACI recommends that mobile app developers scan their binary files to pinpoint and fix vulnerabilities and NowSecure strongly agrees with that advice. See how the NowSecure AUTO mobile appsec testing tool plugs into the SDLC to yield results within minutes.
New Mexico sues mobile app makers over kid privacy concerns
“The lawsuit accuses advertising businesses run by Google, Twitter and three other companies, along with the app maker Tiny Lab Productions, of violating a law meant to keep private the personal data of children under 13.”
” ‘Project Verify’ ” from a consortium of AT&T, Verizon Wireless, T-Mobile US, and Sprint, was unveiled in a demo yesterday. It works similarly to other multi-factor authentication systems by letting users approve or deny login requests from other websites and apps, reducing the number of times users must enter passwords.”
“Crowned the most downloaded app as a result of last year’s hurricanes Harvey and Irma, Zello — a walkie-talkie app used by rescuers to communicate in crisis areas — on Wednesday surged to the lead in Apple’s App Store, while also trending on Google Play.”
Mobile Fraud Soars 24% Year-on-Year
“Mobile is quickly becoming the predominant way people access online goods and services, and as a result organizations need to anticipate that the barrage of mobile attacks will only increase,” said Alisdair Faulkner, chief identity officer at ThreatMetrix.”
If you want to receive #MobSec5 updates each Friday in your inbox, subscribe now.