Let’s examine how Android apps programmed using Kotlin could render Security By Obscurity ineffective. Kotlin is a statically-typed, general-purpose language designed to interoperate fully with Java and the Java Virtual Machine. Android first supported Kotlin in 2017, and it has since emerged as the language Google recommends for Android app development. Kotlin Android apps offer a good example of why static analysis of binaries is better than static analysis of source code.
Mobile app developers often use deep links to improve the user experience and engagement by helping users navigate from the web to their app. However, our security testing has found an easily exploitable vulnerability when deep links are used incorrectly for authorization purposes. This blog will explain how this vulnerability can be exploited and how to safeguard your app by using the more secure version of deep links, App Links.
Session replay is a technique that allows app developers to view screenshots, screen recordings, and touch events showing how a user interacts with an app. Depending on how this technique is implemented, it can have serious impacts on a user’s privacy. Following recent news reports, Apple has already started notifying app developers that they must obtain consent and inform users if they are being recorded.
Amidst increasing concern over compliance with the Children’s Online Privacy Protection Act and data privacy, we tested 50 Android mobile apps for young kids for security and privacy risks. The findings show worrisome vulnerabilities in WebView, network communication, and Inter-Component Communication.
We recently conducted a study of 3,000 apps published on the Google Play™ store to see whether Android developers are using the Google SafetyNet Attestation API and found that only a smattering of the more popular Android apps have taken advantage of it.