Mobile Apps With Millions of Downloads Expose Cloud Credentials

October 23, 2024 at 11:53AM
Research by Symantec reveals that several popular mobile apps expose hardcoded, unencrypted cloud service credentials, risking severe security breaches. Apps for both Android and iPhone include sensitive Amazon Web Services and Microsoft Azure credentials. This highlights the urgent need for improved security practices in mobile app development to mitigate such …

AWS, Azure auth keys found in Android and iOS apps used by millions

October 22, 2024 at 04:23PM
A report by Symantec reveals that numerous mobile apps for iOS and Android contain hardcoded, unencrypted cloud service credentials, risking user data exposure. This vulnerability, stemming from poor development practices, could allow unauthorized data access. Developers are urged to adopt best practices to safeguard sensitive information in apps.

Snowblind malware abuses Android security feature to bypass security

June 26, 2024 at 09:35AM
Snowblind, a new Android malware, bypasses app anti-tampering protections by abusing the seccomp security feature. It targets apps handling sensitive data, intercepts system calls, and manipulates processes to avoid detection and modify app behavior. Google Play Protect offers automatic protection, but the malware’s techniques could pose a threat to Android …

Google Says it Blocked 2.28 Million Apps from Google Play Store

April 29, 2024 at 01:12PM
Google announced that enhanced security measures blocked 2.28 million privacy-violating apps from its Google Play store in 2023. Investments in security features, policies, and machine learning helped identify bad actors and ban 333,000 accounts. Google also collaborated with SDK providers to enhance user privacy and expanded the Google Play SDK …

New FjordPhantom Android Malware Targets Banking Apps in Southeast Asia

December 1, 2023 at 08:24AM
Researchers uncovered an Android malware, FjordPhantom, targeting Southeast Asian banking customers via messaging services. It evades detection through virtualization, enabling unauthorized data access without root privileges, by pretending to offer legitimate banking app features while executing malicious activities. Takeaways from the Meeting Notes: 1. A new Android malware known as …

Google Play adds security audit badges for Android VPN apps

November 3, 2023 at 12:54PM
Google Play is now tagging VPN apps with an ‘independent security reviews’ badge if they have undergone an independent security audit. The audit follows the Mobile App Security Assessment (MASA) standard, which sets requirements for data storage, cryptography, authentication, and more. The badge aims to enhance transparency and trust. NordVPN, …