Last week open-source software experts, mobile application DevSecOps leaders and practitioners and federal government specialists convened in Washington, D.C., at the first annual NowSecure Connect conference. The purpose of #Connect19 was to connect people, ideas, and technology by bringing together the top global technologists and industry thought leaders with a shared passion for delivering secure mobile apps at scale. At the end of the event, our goal was to ensure everyone walked away from the Kaiser Permanente Center for Total Health with new knowledge, insights and professional connections with peers.
Mobile app developers often use deep links to improve the user experience and engagement by helping users navigate from the web to their app. However, our security testing has found an easily exploitable vulnerability when deep links are used incorrectly for authorization purposes. This blog will explain how this vulnerability can be exploited and how to safeguard your app by using the more secure version of deep links, App Links.