Uber's 5min and iOS 11

Sep 12, 2017 7:26:52 AM / by Himanshu Dwivedi posted in Mobile App Security, privacy, Apple

In the fall of 2016, Uber inserted a feature in its mobile apps allowing the company to track user location approximately 5 minutes after a recent trip had ended. The feature came with a whirlwind of controversy, as many riders felt it was an invasion of their privacy, especially since the 5 minutes after an Uber trip would probably pinpoint the exact location of a person’s home, office, or some other private location. While Uber may have had good intentions, the company did not share the benefits of the feature with the general public, nor did they disclose the feature itself (it was made public by 3rd party sources outside of Uber). This feature, among several other things, hurt Uber’s image as it pertains to end-user privacy.


Apple's Planet of The Apps - Are They Secure?

Jul 12, 2017 11:55:55 AM / by Himanshu Dwivedi posted in Mobile App Security, privacy, Apple

Apple has launched a new reality TV show called Planet of the Apps. Similar to the popular TV show Shark Tank, each week app publishers will pitch their iOS apps to a celebrity panel of judges including Jessica Alba, Gwyneth Paltrow, Gary Vaynerchuk, and will.i.am. The celebrity judges will decide if the app publishers advance to the next stage, which is a meeting with venture capitalists who may invest in their companies.


Google and California Privacy Policy Requirements

Jun 28, 2017 11:02:37 AM / by Himanshu Dwivedi posted in Mobile App Security, privacy

In 2017, both Google Play and the California Online Privacy Protection Act (CALOPPA) require mobile application publishers to provide a valid privacy policy on the App's Google Play page, especially if the App is requesting one or more of the following sensitive permissions:



The Wall of Shame - Part 1

Jun 14, 2017 1:12:05 PM / by Himanshu Dwivedi posted in Mobile App Security


Part 1: Open Ports on Android Apps



Mobile App Security: App Store vs. Google Play

May 24, 2017 11:44:48 AM / by Himanshu Dwivedi posted in Mobile App Security

A Statistical Security Comparison
Part 1: TLS Enforcement (ATS vs. NSC)


Sleeping with the Friend-Enemy: Mobile Apps and their SDKs

Apr 27, 2017 11:12:00 AM / by Himanshu Dwivedi posted in Mobile App Security

Third-party SDKs can undermine the security of your mobile app, all unbeknownst to you. Mobile applications, including iOS, Android, and WinMo apps, are built using native code usually written by developer teams; however, a chunk of the code is always sourced from 3rd-party SDKs (commercial or open source). Leveraging external components is very normal for mobile apps, as 99% of all apps have some sort of 3rd-party commercial or open source SDK embedded in the binary. So what is the problem here? The big issue is that 3rd-party SDKs have FULL access to the app's private data, permissions, network connections, TLS sessions, etc. There is no separation nor sandbox between the app’s internal code and the 3rd-party SDK. Once the SDK is included, the SDK *is* the app too, which includes all commercial for-profit SDKs as well as the two-person developer projects on GitHub.
