As DevOps takes hold in organizations, security teams often struggle to keep up with the volume and frequency of mobile app releases. The old ways of testing mobile apps for security vulnerabilities don’t scale particularly well because they’re generally time-consuming and costly. Automated mobile appsec testing enables businesses to better manage risk and budget. Explore the options here and learn how it’s possible to scan apps on a continuous basis for less than $30 per day.
Your highlights from the week are as follows:
- GPlayed Android malware can gain almost complete control of a device
- Facebook Portal in-home camera can collect data for ads
- Apple iOS 12 has already been installed on 50% of all iPhones
- Industry watchers expect Apple to debut iPad Pro tablets this month
- Learn how to steer clear of sneaky subscription mobile apps
Subscribe now to receive #MobSec5 updates each Friday in your inbox.
“The new piece of Android malware has been called ‘GPlayed’ by Cisco’s Talos Intelligence Group. It disguises itself with an app icon that looks much like the Google Play Store’s, and it also calls itself ‘Google Play Marketplace’. Once downloaded to a victim’s Android phone, it gives hackers the ability to remotely load harmful code and software.”
As the recent Fortnite vulnerability and the GPlayed Trojan demonstrate, sideloading apps onto a phone or tablet instead of downloading them from a public app store is a dangerous proposition. iOS and Android apps from the Apple® App Store® and Google Play™ stores aren’t necessarily safe, either. Benchmark analysis from NowSecure reveals that an alarming 85% of apps from the public app stores violate one or more of the OWASP Mobile Top 10.
For a limited time, NowSecure is offering free access to our automated dynamic testing engine to continuously monitor the security of two mobile apps in production on the Apple® App Store® or Google Play™ for peace of mind.
“Revelations that the personal data of 87 million Facebook users was harvested for the purpose of political profiling in the build up to the 2016 US Presidential elections and the UK’s EU referendum of the same year, combined with more recent scandals surrounding the theft of 30 million user accounts, have contributed to the firm becoming the least-trusted brand for consumers when it comes to handling personal data.”
Stats make iOS a hard OS to ignore
“To be fair, the very nature of how iOS and Android are structured gives iOS a massive security advantage. It’s not that iOS’s code is more secure than Android’s. All in all, that’s pretty much a wash. It’s simply that Apple controls all iOS hardware and can therefore issue one integrated update for all devices at once.”
“The new iPad Pro is rumored to have slim bezels and Face ID, expanding Apple’s your-face-is-your-passcode technology beyond the iPhone for the first time. It’s also been reported that this year’s iPad Pro will switch over from Lightning to USB-C and be available in 11- and 12.9-inch display sizes.”
“Above all else, it’s up to you to not get scammed; Apple and Google can help by pulling offending apps from their various app stores, but the onus is on you to understand what you’re signing up for before you do it. Here are a few tricks you can use to not get suckered.”