This article is the second in a series illuminating the developer’s perspective on mobile app security by guest contributor and developer Evan Rose — managing partner at Rose Digital. The first post covered planning mobile API security, and in this installment Evan explains what developers need to keep in mind as they code their mobile apps.
There is no denying that mobile applications have become ubiquitous. For many companies, building an app is a foregone conclusion. We have applications for social, for fitness, for productivity, for business and even for things as sensitive as our finances. We are all increasingly turning over more of our personal information and data to applications.
Researchers unveiled a startling discovery this week: 41 percent of the most popular Android apps that implement OAuth 2.0 allow an attacker to remotely impersonate any user account, access personal information from within the app, and make in-app purchases on the user’s dime. In this post I explain OAuth 2.0 and how it affects mobile app security and risk.