Marco Grassi

Former Mobile Security Analyst at NowSecure

Marco performs reverse engineering, penetration testing, and vulnerability research focusing on mobile OSs, apps, and devices.

The Nightmare Behind the Cross-Platform Apps Dream

Recently at Black Hat Asia 2015 in Singapore, NowSecure mobile researchers Marco Grassi and Sebastián Guerrero Selma gave a well-received presentation about cross-platform frameworks and the unique security vulnerabilities they present. Due to the proliferation of mobile platforms in recent years, apps are increasingly created on cross-platform frameworks including PhoneGap, Unity3D, Adobe AIR, Appcelerator and others. These frameworks can greatly simplify the mobile app development process by allowing developers to code once and then run on every mobile platform instead of having to write individualized, platform-specific code for Android, iOS, BlackBerry and others.

But this convenience often comes at the price of security. Code reuse creates a uniform attack surface. Vulnerabilities are shared between different apps, which means an attack that works on one app has a high probability of working on other apps that use the same cross-platform framework. You can learn more about the troubling security implications of cross-platform frameworks by checking out Marco and Sebastián’s presentation deck below.

About Marco

Marco Grassi joined NowSecure in 2012 as a member of the R&D Team, where he researches and develops solutions for mobile security products and performs reverse engineering, pentesting and vulnerability research in mobile OS applications and devices. When he’s not poking around mobile devices, he enjoys developing embedded systems and electronic systems. He has spoken at several international security conferences such as ZeroNights, Black Hat and Codegate. You can find him on Twitter at @marcograss.

About Sebastián

Sebastián Guerrero Selma’s work includes research in mobile security and web security, developing tools and techniques for vulnerability assessment and post-exploitation of mobile devices and applications, and reverse engineering embedded platforms and mobile platforms. In the last few years, he has spoken at several security conferences such as RootedCON, NoConName, and RSA. You can find him on Twitter at @0xroot.