Mobile application security best practices
Mobile applications can expose enterprises to serious risks. This guide provides the basic of mobile application security, including news on mobile app flaws to best practices for secure application development.
Top Stories
-
News
06 May 2021
Popular mobile apps leaking AWS keys, exposing user data
Security researchers at CloudSek discovered approximately 40 popular mobile apps contained hardcoded API secret keys, putting both user information and corporate data at risk. Continue Reading
-
News
26 May 2020
StrandHogg 2.0 allows attackers to imitate most Android apps
A new elevation-of-privilege vulnerability on Android, dubbed StrandHogg 2.0, allows threat actors to gain access to most apps, according to Norwegian mobile security firm Promon. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
23 Jan 2020
Sophos adds mobile threat defense app to Intercept X line
Intercept X for Mobile is compatible with iOS and Android devices, as well as Chrome OS and Chromebooks. It offers privacy protection, authentication and other security features. Continue Reading
-
Answer
15 Feb 2019
How do trusted app stores release and disclose patches?
A flaw was found in the Android installer for Fortnite and was patched within 24 hours. Learn how such a quick turnaround affects mobile app security with expert Nick Lewis. Continue Reading
By -
News
31 Jan 2019
Facebook and Google exploit Enterprise Certificate loophole on iOS
Both Facebook and Google were found to be exploiting a loophole in Apple's Developer Enterprise Program for iOS with apps used to gather data on users who installed them. Continue Reading
By- Michael Heller, TechTarget
-
Answer
25 Jan 2019
What are the best ways to prevent a SIM swapping attack?
SIM swapping is on the rise as the use of mobile devices increases. Discover what SIM swaps are, how they work and how they can be mitigated. Continue Reading
By -
Answer
21 Jan 2019
Man-in-the-disk attack: How are Android products affected?
Researchers from Check Point announced a new attack at Black Hat 2018 that targets Android devices. Discover how this attack works and how devices should be protected with Nick Lewis. Continue Reading
By -
News
31 Dec 2018
Why dating app security flaws should concern enterprises
Vulnerable dating apps on BYODs pose risks to more than just individual users. Find out what security flaws are common in these apps and what they mean for enterprises. Continue Reading
By- Lena Young, Editorial Assistant
-
News
07 Dec 2018
Facebook app permissions skirted rules to gather call logs
New email messages revealed that Facebook app permissions were carefully implemented to avoid alerting users to the fact that the Android app was gathering call log and SMS data. Continue Reading
By- Michael Heller, TechTarget
-
Answer
06 Dec 2018
How can users remove Google location tracking completely?
Disabling Google location tracking involves more than turning off Location History. Learn how to manage your account settings to stop tracking entirely with expert Michael Cobb. Continue Reading
By -
Tip
04 Dec 2018
Testing applications in production vs. non-production benefits
To ensure proper application security testing, production and non-production systems should both be tested. In this tip, expert Kevin Beaver weighs the pros and cons. Continue Reading
By- Kevin Beaver, Principle Logic, LLC
-
Tip
08 Nov 2018
Why entropy sources should be added to mobile application vetting
NIST's 'Vetting the Security of Mobile Applications' draft discusses four key areas of general requirements. Learn how further improvements to the vetting process could be made. Continue Reading
-
Answer
06 Nov 2018
How does the public Venmo API pose a threat for users?
The public Venmo API setting puts users at risk by providing detailed insight into their transactions and personal lives. Expert Michael Cobb discusses the risks of public APIs. Continue Reading
By -
Answer
26 Sep 2018
Android Trojan: How is data being stolen from messaging apps?
Trustlook Labs discovered an Android Trojan stealing data from messaging apps. Learn what mobile security pros should look for to detect this malware with expert Nick Lewis. Continue Reading
By -
Podcast
06 Sep 2018
Risk & Repeat: Fortnite flaw disclosure enrages Epic Games
In this week's Risk & Repeat podcast, SearchSecurity editors discuss the dispute between Google and Epic Games over a newly disclosed flaw in the Android version of Fortnite. Continue Reading
By- Rob Wright, Senior News Director
-
News
28 Aug 2018
Fortnite vulnerability on Android causes disclosure tension
Epic Games patched a Fortnite vulnerability in its Android installer, but Google's disclosure policy comes under fire once again as Epic Games' founder called the disclosure 'irresponsible.' Continue Reading
By- Michael Heller, TechTarget
-
Answer
27 Aug 2018
How does Google's new detection model find bad Android apps?
Malicious apps have been a consistent problem for the Google Play Store, so a new detection model has been released to help clean it up. Learn how this system works with Nick Lewis. Continue Reading
By -
Answer
20 Aug 2018
How does an IMSI catcher exploit SS7 vulnerabilities?
A warning was issued by the Department of Homeland Security regarding the exploitation of SS7 vulnerabilities by IMSI catchers. Learn how this puts mobile communication at risk. Continue Reading
-
Answer
15 Aug 2018
Skygofree Trojan: What makes this spyware unique?
Android malware was discovered by Kaspersky Labs and named Skygofree. This Trojan targets smartphones and tablets using spyware and gathers user information and app data. Continue Reading
By -
Answer
20 Jul 2018
Trojan.AndroidOS.Loapi: What is this jack-of-all-trades malware?
Kaspersky researchers found a new Android malware that can physically harm phones. Learn how this works and the steps to mitigate the attack with expert Nick Lewis. Continue Reading
By -
Answer
16 Jul 2018
Android vulnerability: How can users mitigate Janus malware?
The Janus vulnerability was found injecting malicious code into reputable Android apps. Once injected, users' endpoints become infected. Learn how to prevent this with expert Nick Lewis. Continue Reading
By -
Podcast
11 Jul 2018
Risk & Repeat: New concerns about smartphone spying
In this week's Risk & Repeat podcast, SearchSecurity editors discuss research that shows some Android apps record video of users' screens without permission or notifications. Continue Reading
By- Rob Wright, Senior News Director
-
News
06 Jul 2018
Researchers discover Android apps spying on users' screens
News roundup: Academic researchers discover Android apps secretly recording and sharing video of users' screens. Plus, an NSO Group employee lands in hot water, and more. Continue Reading
By- Rob Wright, Senior News Director
-
Feature
03 Jul 2018
How to manage security threats to mobile devices
As mobile device security threats increase, IT administrators should know what they are up against and develop strategies to secure mobile devices from cyber attacks. Continue Reading
-
News
22 Jun 2018
Unprotected Firebase databases leaked over 100 million records
Android and iOS mobile apps that use unprotected Firebase databases leaked over 100 million records that include PHI, financial records and authentication information. Continue Reading
By- Madelyn Bacon, TechTarget
-
Answer
12 Jun 2018
Fake WhatsApp app: How can counterfeit apps be avoided?
After a fake WhatsApp app was discovered in the Google Play Store, users are questioning what can be done to avoid counterfeit apps. Learn several techniques with Nick Lewis. Continue Reading
By -
News
05 Jun 2018
Research claims 'widespread' Google Groups misconfiguration troubles
Researchers from Kenna Security claim a Google Groups misconfiguration has exposed sensitive data for many organizations, but it is unclear just how widespread the issue might be. Continue Reading
By- Michael Heller, TechTarget
-
Answer
28 May 2018
How did Strava's Global Heatmap disclose sensitive U.S. info?
Fitness tracking app Strava released its Global Heatmap that unknowingly disclosed routes of U.S. soldiers. Discover how this happened and how geolocation data can be blocked. Continue Reading
-
News
10 May 2018
Android P security improves authentication trust and data privacy
Android P security features, which were previewed at Google I/O, include notable improvements for data privacy and encryption and preventing malicious apps from spying on users. Continue Reading
By- Michael Heller, TechTarget
-
Answer
30 Apr 2018
What is included in the mPOS security standard from PCI SSC?
The PCI SSC developed an mPOS security standard to improve mobile payment and PIN systems. Expert Michael Cobb looks at what the requirements are and how they help. Continue Reading
By -
Answer
15 Mar 2018
Com.google.provision virus: How does it attack Android devices?
The com.google.provision virus reportedly targets Android users, but little is known about it. Nick Lewis discusses the mystery threat and how Common Malware Enumeration may help. Continue Reading
By -
Answer
12 Mar 2018
ExpensiveWall malware: How does this SMS attack function?
A new SMS malware known as ExpensiveWall was recently discovered by Check Point. Learn how it infects devices and puts Android device users at risk with expert Nick Lewis. Continue Reading
By -
Answer
09 Mar 2018
How can improper certificate pinning be stopped by the Spinner tool?
Researchers developed a tool to help prevent improper certificate pinning that causes security issues. Expert Michael Cobb reviews the issue and the Spinner tool. Continue Reading
By -
Answer
06 Mar 2018
How does Tizi spyware affect Android apps?
Android apps affected by Tizi spyware were found in the Google Play Store by Google's Play Protect team. Expert Michael Cobb reviews the threat and how it was fixed. Continue Reading
By -
Tip
08 Feb 2018
Mobile security issues require a unified approach
Security gaps in mobile devices can be many and varied, but they must be addressed immediately. Unified endpoint management is the next-gen way to close the gaps. Continue Reading
By- Kevin Beaver, Principle Logic, LLC
-
Tip
08 Feb 2018
Counter mobile device security threats with unified tools
Attacks on enterprise mobile endpoints are more lethal than ever. To help infosec pros fight back, enterprise mobile management has unified to fortify defenses. Continue Reading
By- Kevin Beaver, Principle Logic, LLC
-
Answer
30 Jan 2018
CopyCat malware: How does this Android threat operate?
Check Point researchers discovered new Android malware named CopyCat, which has infected 14 million devices. Learn how this malware works and how it spread from expert Nick Lewis. Continue Reading
By -
Feature
08 Jan 2018
The top six EMM vendors offering MDM capabilities
With vendors expanding their horizons from just MDM to more comprehensive EMM products, it is crucial to look at these EMM vendors who offer MDM capabilities. Continue Reading
-
Feature
08 Jan 2018
Comparing the leading mobile device management products
Expert Matt Pascucci examines the top mobile device management offerings to help you determine which MDM products are the best fit for your organization. Continue Reading
-
Feature
05 Jan 2018
Six questions to ask before buying enterprise MDM products
Mobile device management can be a crucial part of enterprise security. Expert Matt Pascucci presents the key questions to ask when investigating MDM products. Continue Reading
-
Answer
05 Jan 2018
Unknown apps: How does Android Oreo control installation?
Android Oreo replaced the allow unknown sources setting with a new feature that enables users to selectively install unknown apps. Kevin Beaver explains what this change means. Continue Reading
By- Kevin Beaver, Principle Logic, LLC
-
Feature
04 Jan 2018
Three enterprise scenarios for MDM products
Expert Matt Pascucci outlines three enterprise uses cases for mobile device management products to see how they can protect users, devices and corporate data. Continue Reading
-
Answer
04 Jan 2018
Android bootloader: How does it work and what is the risk?
Several vulnerabilities were recently discovered in Android bootloaders via the BootStomp tool. Kevin Beaver explains how they work and what risk these vulnerabilities present. Continue Reading
By- Kevin Beaver, Principle Logic, LLC
-
Tip
09 Nov 2017
Email security issues: How to root out and solve them
Effectively tackling email security issues requires infosec pros to address a broad range of areas, including cloud, endpoints, user training and more. Continue Reading
By- Kevin Beaver, Principle Logic, LLC
-
News
07 Nov 2017
Fake WhatsApp app downloaded 1 million times
A fake WhatsApp app bypassed Google's Play Store checks and was downloaded 1 million times, but one expert said Google's store is still the safest place to get apps. Continue Reading
By- Michael Heller, TechTarget
-
News
20 Oct 2017
Google Play bug bounty hunts RCE vulnerabilities
A Google Play bug bounty program, run by Google and HackerOne, asks testers to hunt for remote code execution vulnerabilities in some of the top Android apps. Continue Reading
By- Michael Heller, TechTarget
-
Tip
19 Oct 2017
How app libraries share user data, even without permission
A new study shows how app libraries can share data among apps, even without permission. Michael Cobb explains how library collusion works and what users can do about it. Continue Reading
By -
News
22 Sep 2017
Users plagued by iOS app security issues, according to new research
News roundup: Researchers uncovered a large number of iOS app security risks. Plus, Viacom exposed its critical data through a misconfigured AWS S3 bucket, and more. Continue Reading
By- Madelyn Bacon, TechTarget
-
Answer
14 Sep 2017
How can users detect dangerous open ports in mobile apps?
Some malicious apps can hijack smartphones and expose those devices with open ports. Expert Michael Cobb explains how this happens and how users can protect themselves. Continue Reading
By -
Guide
30 Aug 2017
How to craft an application security strategy that's airtight
A solid application security strategy today must include varieties like cloud apps and mobile. Learn how to set application security policies and practices that keep hackers out. Continue Reading
-
Answer
07 Aug 2017
How did flaws in WhatsApp and Telegram enable account takeovers?
Flaws in WhatsApp and Telegram, popular messaging services, enable attackers to break encryption and take over accounts. Expert Michael Cobb explains how the attacks work. Continue Reading
By -
Answer
14 Jul 2017
Android sandboxing tools: How can work data separation be bypassed?
Android for Work's sandboxing tools, which split work and personal profiles, can be bypassed with a proof-of-concept attack. Expert Michael Cobb explains how the attack works. Continue Reading
By -
News
14 Jul 2017
Google tackles Android app privacy with machine learning
Google will use machine learning and automated peer review scans to improve Android app privacy and limit app permissions overreach. Continue Reading
By- Michael Heller, TechTarget
-
Answer
12 Jul 2017
What made iOS apps handling sensitive data vulnerable to MitM attacks?
A researcher discovered 76 iOS apps containing sensitive user data that were vulnerable to man-in-the-middle attacks. Expert Michael Cobb explains how developers can prevent this. Continue Reading
By -
E-Zine
10 Jul 2017
The best endpoint security practices are evolving and essential
Ever since the first mobile device hit the enterprise network, best endpoint security practices have been a major IT concern. What's happened since then has been a staggering proliferation of the number and types of devices on the network, complicated by increasing numbers of mobile and remote corporate employees, all of which have essentially ended the traditional idea of a corporate network security perimeter. Firewalls and other more traditional security appliances may still be in use, and rightly so, but endpoint security management is more critical than ever in keeping enterprise systems and data safe from malicious actors.
The summer Insider Edition, our Information Security magazine quarterly e-zine, looks at what's new in endpoint security management, from the best endpoint security tools to consider now, and what other efforts beyond tools infosec pros can employ to best secure all those pesky mobile endpoints wandering in and out of corporate corridors.
This Insider Edition offers expert assessments on the endpoint security technology vendors have developed to combat mutating ransomware like WannaCry -- from machine learning to multivendor partnerships to behavior analytics. Also included is an exploration of mobile endpoint security tools like application containers and app wrapping. CISOs must focus now on how the threats, and the technological advances to fight them, are changing and factor these considerations into any endpoint security strategy.
Readers will come away with a deeper understanding of the best endpoint security tools and techniques available and be able to consider the most advanced approaches available to locking down the company data and systems that endpoints can access.
Continue Reading -
Tip
12 Jun 2017
To secure Office 365, take advantage of controls Microsoft offers
Securing Office 365 properly requires addressing upfront any specific risks of a particular environment and taking advantage of the many security controls Microsoft offers. Continue Reading
By- Kevin Beaver, Principle Logic, LLC
-
Tip
12 Jun 2017
Office 365 security features: As good as it gets?
Online and application security is never perfect, but Office 365 security features come close. Here's an overview of how Microsoft installed security in its popular suite. Continue Reading
By- Kevin Beaver, Principle Logic, LLC
-
Tip
12 Jun 2017
Address Office 365 security concerns while enjoying its benefits
Office 365 security concerns should worry you but not dampen your enthusiasm for the platform's potential benefits for your business. Here's what you need to consider upfront. Continue Reading
By- Kevin Beaver, Principle Logic, LLC
-
Tip
06 Jun 2017
How mobile application assessments can boost enterprise security
Mobile application assessments can help enterprises decide which apps to allow, improving security. Christopher Crowley of the SANS Institute discusses how to use app assessments. Continue Reading
By- Christopher Crowley
-
News
26 May 2017
Artificial intelligence data privacy issues on the rise
End users are in the crosshairs of business data privacy issues, especially when it comes to information gleaned from artificial intelligence technologies. Continue Reading
By- Alyssa Provazza, Editorial Director
-
News
19 May 2017
Google Play Protect looks to bolster Android app security
News roundup: The new Google Play Protect system aims to improve Android app security. Plus, Google Cloud IoT Core adds layer of device security, and more. Continue Reading
By- Madelyn Bacon, TechTarget
-
Tip
17 May 2017
What the end of hot patching mobile apps means for enterprise security
Apple now restricts mobile app developers from using hot patching, as the technique can change app behavior after it is reviewed. Expert Kevin Beaver goes over enterprise concerns. Continue Reading
By- Kevin Beaver, Principle Logic, LLC