Are you new to mobile application security testing? Market noise can make it difficult to evaluate tools and sniff out the veracity of various vendor claims. Inspired by a Department of Defense guide called “Detecting Agile BS,” we sought to provide a similar resource for security analysts, developers and managers.
To sort the wheat from the chaff, consult our blog for a list of core capabilities and key questions to ask of your prospective vendors of static and dynamic mobile appsec testing tools.
Your highlights for the week are as follows:
- Los Angeles sues maker of the Weather Channel app
- Discover practical examples for getting started with R2Frida
- Google Play suspends 85 adware-laden apps
- Analysis uncovers WhatsApp vulnerability
- Facebook can’t be deleted from some Samsung smartphones
Subscribe now to receive #MobSec5 updates each Friday in your inbox.
“‘If the price of getting a weather report is going to be the sacrifice of your most personal information about where you spend your time day and night, you sure as heck ought to be told clearly in advance,’ L.A. City Attorney Michael Feuer told the Los Angeles Times. The city deems the lack of disclosure to be ‘fraudulent and deceptive,’ and claims it’s in violation of California’s Unfair Competition Law.”
“This unofficial wiki provides a tutorial with practical examples for using the reverse engineering R2Frida toolkit.”
NowSecure security researchers Pancake and Ole André Vadla Ravnås joined forces to create the powerful R2Frida mobile app security tool. R2Frida is based on the Radare and Frida open-source tools they created. Learn what the integrated tool offers researchers and more about the daily work of another of our team’s mobile security research engineers.
85 Adware Apps in Google Play Installed 9 Million Times
“85 apps in Google Play that collectively have been installed nine million times by users all over the world came with an adware strain capable of pouring fullscreen adverts at regular intervals or when the user unlocks the device. None of the apps had real functionality and their true purpose was to make money for their developer by dropping a deluge of advertisements on the devices that installed them.”
“Looks like WhatsApp, one of the world’s most popular messaging apps, is plagued with a nasty bug. If claims are true, the issue exposes your WhatsApp messages history in plain text, meaning anyone can see it.”
“Many Android phone users have begun to question Samsung’s deal to sell phones with a permanent version of Facebook — and some of them are complaining on social media.”