What CSOs Should Know

The Wall of Shame - Part 1

Jun 14, 2017 1:12:05 PM / by Himanshu Dwivedi posted in Mobile App Security

Part 1: Open Ports on Android Apps

 


Mobile App Security: App Store vs. Google Play

May 24, 2017 11:44:48 AM / by Himanshu Dwivedi posted in Mobile App Security

A Statistical Security Comparison
Part 1: TLS Enforcement (ATS vs. NSC)


Sleeping with the Friend-Enemy: Mobile Apps and their SDKs

Apr 27, 2017 11:12:00 AM / by Himanshu Dwivedi posted in Mobile App Security

Third-party SDKs can undermine the security of your mobile app, all unbeknownst to you. Mobile applications, including iOS, Android, and WinMo apps, are built using native code usually written by developer teams; however, a chunk of the code is always sourced from 3rd-party SDKs (commercial or open source). Leveraging external components is very normal for mobile apps, as 99% of all apps have some sort of 3rd-party commercial or open source SDK embedded in the binary. So what is the problem here? The big issue is that 3rd-party SDKs have FULL access to the app's private data, permissions, network connections, TLS sessions, etc. There is no separation or sandbox between the app's internal code and the 3rd-party SDK. Once the SDK is included, the SDK *is* the app too, and that applies to all commercial for-profit SDKs as well as the two-person developer projects on GitHub.