This article is the second in a series illuminating the developer’s perspective on mobile app security by guest contributor and developer Evan Rose — managing partner at Rose Digital. The first post covered planning mobile API security, and in this installment Evan explains what developers need to keep in mind as they code their mobile apps.
This is part two of three in a series about building a mobile app security program from NowSecure Director of Services Katie Strzempka. Part one defines a mobile app security program and summarizes how to create a high-efficiency team. Part two explains how to choose the right mobile app security testing tools to drive consistency in
This blog post is one of three about managing a successful mobile app security program from Katie Strzempka, director of mobile app security services for NowSecure. Part one introduces a framework for a mobile app security program, training and education, and how to create a high-efficiency team. Part two discusses mobile app security testing tools
An attacker can exploit iOS WebViews to make automatic calls to an attacker-controlled phone number or FaceTime address. Our research has found that FaceTime URL (facetime://) handlers are frequently overlooked in iOS applications. The oversight allows an attacker to potentially capture a video or snapshot of the affected user by directing them to a webpage from within a vulnerable WebView.
Researchers unveiled a startling discovery this week: 41 percent of the most popular Android apps that implement OAuth 2.0 allow an attacker to remotely impersonate any user account, access personal information from within the app, and make in-app purchases on the user’s dime. In this post I explain OAuth 2.0 and how it affects mobile app security and risk.
Where would you rank mobile app security in your overall information security program? Is it a top priority? Maybe you’ve prioritized it somewhere in the middle where you have a budget but know you have plenty of room for improvement. Or, do you consider it a nice-to-have that you’ll address eventually? If you’re like many