Mobile application security best practices
Mobile applications can expose enterprises to serious risks. This guide provides the basics of mobile application security, from news on mobile app flaws to best practices for secure application development.
Top Stories
-
News
06 May 2021
Popular mobile apps leaking AWS keys, exposing user data
Security researchers at CloudSek discovered approximately 40 popular mobile apps contained hardcoded API secret keys, putting both user information and corporate data at risk.
-
News
26 May 2020
StrandHogg 2.0 allows attackers to imitate most Android apps
A new elevation-of-privilege vulnerability on Android, dubbed StrandHogg 2.0, allows threat actors to gain access to most apps, according to Norwegian mobile security firm Promon.
By- Alexander Culafi, Senior News Writer
-
Tip
21 Feb 2020
Compare web and mobile testing tools from AWS, Microsoft and Google
Compare and contrast the mobile testing tools from the big three cloud vendors -- AWS Device Farm, Google Firebase Test Lab and Microsoft Visual Studio App Center Test.
-
News
23 Jan 2020
Sophos adds mobile threat defense app to Intercept X line
Intercept X for Mobile is compatible with iOS and Android devices, as well as Chrome OS and Chromebooks. It offers privacy protection, authentication and other security features.
-
Answer
15 Feb 2019
How do trusted app stores release and disclose patches?
A flaw was found in the Android installer for Fortnite and was patched within 24 hours. Learn how such a quick turnaround affects mobile app security with expert Nick Lewis.
-
News
31 Jan 2019
Facebook and Google exploit Enterprise Certificate loophole on iOS
Both Facebook and Google were found to be exploiting a loophole in Apple's Developer Enterprise Program for iOS with apps used to gather data on users who installed them.
By- Michael Heller, TechTarget
-
Answer
25 Jan 2019
What are the best ways to prevent a SIM swapping attack?
SIM swapping is on the rise as the use of mobile devices increases. Discover what SIM swaps are, how they work and how they can be mitigated.
-
Answer
21 Jan 2019
Man-in-the-disk attack: How are Android products affected?
Researchers from Check Point announced a new attack at Black Hat 2018 that targets Android devices. Discover how this attack works and how devices should be protected with Nick Lewis.
-
News
31 Dec 2018
Why dating app security flaws should concern enterprises
Vulnerable dating apps on BYODs pose risks to more than just individual users. Find out what security flaws are common in these apps and what they mean for enterprises.
By- Lena Young, Editorial Assistant
-
News
07 Dec 2018
Facebook app permissions skirted rules to gather call logs
New email messages revealed that Facebook app permissions were carefully implemented to avoid alerting users to the fact that the Android app was gathering call log and SMS data.
By- Michael Heller, TechTarget
-
Answer
06 Dec 2018
How can users remove Google location tracking completely?
Disabling Google location tracking involves more than turning off Location History. Learn how to manage your account settings to stop tracking entirely with expert Michael Cobb.
-
Tip
04 Dec 2018
Testing applications in production vs. non-production benefits
To ensure proper application security testing, production and non-production systems should both be tested. In this tip, expert Kevin Beaver weighs the pros and cons.
By- Kevin Beaver, Principle Logic, LLC
-
Tip
08 Nov 2018
Why entropy sources should be added to mobile application vetting
NIST's 'Vetting the Security of Mobile Applications' draft discusses four key areas of general requirements. Learn how further improvements to the vetting process could be made.
-
Answer
06 Nov 2018
How does the public Venmo API pose a threat for users?
The public Venmo API setting puts users at risk by providing detailed insight into their transactions and personal lives. Expert Michael Cobb discusses the risks of public APIs.
-
Answer
26 Sep 2018
Android Trojan: How is data being stolen from messaging apps?
Trustlook Labs discovered an Android Trojan stealing data from messaging apps. Learn what mobile security pros should look for to detect this malware with expert Nick Lewis.
-
Podcast
06 Sep 2018
Risk & Repeat: Fortnite flaw disclosure enrages Epic Games
In this week's Risk & Repeat podcast, SearchSecurity editors discuss the dispute between Google and Epic Games over a newly disclosed flaw in the Android version of Fortnite.
By- Rob Wright, Senior News Director
-
News
28 Aug 2018
Fortnite vulnerability on Android causes disclosure tension
Epic Games patched a Fortnite vulnerability in its Android installer, but Google's disclosure policy comes under fire once again as Epic Games' founder called the disclosure 'irresponsible.'
By- Michael Heller, TechTarget
-
Answer
27 Aug 2018
How does Google's new detection model find bad Android apps?
Malicious apps have been a consistent problem for the Google Play Store, so a new detection model has been released to help clean it up. Learn how this system works with Nick Lewis.
-
Answer
20 Aug 2018
How does an IMSI catcher exploit SS7 vulnerabilities?
A warning was issued by the Department of Homeland Security regarding the exploitation of SS7 vulnerabilities by IMSI catchers. Learn how this puts mobile communication at risk.
-
Answer
15 Aug 2018
Skygofree Trojan: What makes this spyware unique?
Android malware was discovered by Kaspersky Labs and named Skygofree. This Trojan targets smartphones and tablets using spyware and gathers user information and app data.
-
Answer
20 Jul 2018
Trojan.AndroidOS.Loapi: What is this jack-of-all-trades malware?
Kaspersky researchers found a new Android malware that can physically harm phones. Learn how this works and the steps to mitigate the attack with expert Nick Lewis.
-
Answer
16 Jul 2018
Android vulnerability: How can users mitigate Janus malware?
The Janus vulnerability was found injecting malicious code into reputable Android apps. Once injected, users' endpoints become infected. Learn how to prevent this with expert Nick Lewis.
-
Podcast
11 Jul 2018
Risk & Repeat: New concerns about smartphone spying
In this week's Risk & Repeat podcast, SearchSecurity editors discuss research that shows some Android apps record video of users' screens without permission or notifications.
By- Rob Wright, Senior News Director
-
News
06 Jul 2018
Researchers discover Android apps spying on users' screens
News roundup: Academic researchers discover Android apps secretly recording and sharing video of users' screens. Plus, an NSO Group employee lands in hot water, and more.
By- Rob Wright, Senior News Director
-
Feature
03 Jul 2018
How to manage security threats to mobile devices
As mobile device security threats increase, IT administrators should know what they are up against and develop strategies to secure mobile devices from cyber attacks.
-
News
22 Jun 2018
Unprotected Firebase databases leaked over 100 million records
Android and iOS mobile apps that use unprotected Firebase databases leaked over 100 million records that include PHI, financial records and authentication information.
By- Madelyn Bacon, TechTarget
-
Answer
12 Jun 2018
Fake WhatsApp app: How can counterfeit apps be avoided?
After a fake WhatsApp app was discovered in the Google Play Store, users are questioning what can be done to avoid counterfeit apps. Learn several techniques with Nick Lewis.
-
News
05 Jun 2018
Research claims 'widespread' Google Groups misconfiguration troubles
Researchers from Kenna Security claim a Google Groups misconfiguration has exposed sensitive data for many organizations, but it is unclear just how widespread the issue might be.
By- Michael Heller, TechTarget
-
Answer
28 May 2018
How did Strava's Global Heatmap disclose sensitive U.S. info?
Fitness tracking app Strava released its Global Heatmap that unknowingly disclosed routes of U.S. soldiers. Discover how this happened and how geolocation data can be blocked.
-
News
10 May 2018
Android P security improves authentication trust and data privacy
Android P security features, which were previewed at Google I/O, include notable improvements for data privacy and encryption and preventing malicious apps from spying on users.
By- Michael Heller, TechTarget
-
Answer
30 Apr 2018
What is included in the mPOS security standard from PCI SSC?
The PCI SSC developed an mPOS security standard to improve mobile payment and PIN systems. Expert Michael Cobb looks at what the requirements are and how they help.
-
Answer
15 Mar 2018
Com.google.provision virus: How does it attack Android devices?
The com.google.provision virus reportedly targets Android users, but little is known about it. Nick Lewis discusses the mystery threat and how Common Malware Enumeration may help.
-
Answer
12 Mar 2018
ExpensiveWall malware: How does this SMS attack function?
A new SMS malware known as ExpensiveWall was recently discovered by Check Point. Learn how it infects devices and puts Android device users at risk with expert Nick Lewis.
-
Answer
09 Mar 2018
How can improper certificate pinning be stopped by the Spinner tool?
Researchers developed a tool to help prevent improper certificate pinning that causes security issues. Expert Michael Cobb reviews the issue and the Spinner tool.
-
Answer
06 Mar 2018
How does Tizi spyware affect Android apps?
Android apps affected by Tizi spyware were found in the Google Play Store by Google's Play Protect team. Expert Michael Cobb reviews the threat and how it was fixed.
-
Tip
08 Feb 2018
Mobile security issues require a unified approach
Security gaps in mobile devices can be many and varied, but they must be addressed immediately. Unified endpoint management is the next-gen way to close the gaps.
By- Kevin Beaver, Principle Logic, LLC
-
Tip
08 Feb 2018
Counter mobile device security threats with unified tools
Attacks on enterprise mobile endpoints are more lethal than ever. To help infosec pros fight back, enterprise mobile management has unified to fortify defenses.
By- Kevin Beaver, Principle Logic, LLC
-
Answer
30 Jan 2018
CopyCat malware: How does this Android threat operate?
Check Point researchers discovered new Android malware named CopyCat, which has infected 14 million devices. Learn how this malware works and how it spread from expert Nick Lewis.
-
Feature
08 Jan 2018
The top six EMM vendors offering MDM capabilities
With vendors expanding their horizons from just MDM to more comprehensive EMM products, it is crucial to look at these EMM vendors who offer MDM capabilities.
-
Feature
08 Jan 2018
Comparing the leading mobile device management products
Expert Matt Pascucci examines the top mobile device management offerings to help you determine which MDM products are the best fit for your organization.
-
Feature
05 Jan 2018
Six questions to ask before buying enterprise MDM products
Mobile device management can be a crucial part of enterprise security. Expert Matt Pascucci presents the key questions to ask when investigating MDM products.
-
Answer
05 Jan 2018
Unknown apps: How does Android Oreo control installation?
Android Oreo replaced the allow unknown sources setting with a new feature that enables users to selectively install unknown apps. Kevin Beaver explains what this change means.
By- Kevin Beaver, Principle Logic, LLC
-
Feature
04 Jan 2018
Three enterprise scenarios for MDM products
Expert Matt Pascucci outlines three enterprise use cases for mobile device management products to see how they can protect users, devices and corporate data.
-
Answer
04 Jan 2018
Android bootloader: How does it work and what is the risk?
Several vulnerabilities were recently discovered in Android bootloaders via the BootStomp tool. Kevin Beaver explains how they work and what risk these vulnerabilities present.
By- Kevin Beaver, Principle Logic, LLC
-
Tip
09 Nov 2017
Email security issues: How to root out and solve them
Effectively tackling email security issues requires infosec pros to address a broad range of areas, including cloud, endpoints, user training and more.
By- Kevin Beaver, Principle Logic, LLC
-
News
07 Nov 2017
Fake WhatsApp app downloaded 1 million times
A fake WhatsApp app bypassed Google's Play Store checks and was downloaded 1 million times, but one expert said Google's store is still the safest place to get apps.
By- Michael Heller, TechTarget
-
News
20 Oct 2017
Google Play bug bounty hunts RCE vulnerabilities
A Google Play bug bounty program, run by Google and HackerOne, asks testers to hunt for remote code execution vulnerabilities in some of the top Android apps.
By- Michael Heller, TechTarget
-
Tip
19 Oct 2017
How app libraries share user data, even without permission
A new study shows how app libraries can share data among apps, even without permission. Michael Cobb explains how library collusion works and what users can do about it.
-
News
22 Sep 2017
Users plagued by iOS app security issues, according to new research
News roundup: Researchers uncovered a large number of iOS app security risks. Plus, Viacom exposed its critical data through a misconfigured AWS S3 bucket, and more.
By- Madelyn Bacon, TechTarget
-
Answer
14 Sep 2017
How can users detect dangerous open ports in mobile apps?
Some malicious apps can hijack smartphones and expose those devices with open ports. Expert Michael Cobb explains how this happens and how users can protect themselves.
-
Guide
30 Aug 2017
How to craft an application security strategy that's airtight
A solid application security strategy today must include varieties like cloud apps and mobile. Learn how to set application security policies and practices that keep hackers out.
-
Answer
07 Aug 2017
How did flaws in WhatsApp and Telegram enable account takeovers?
Flaws in WhatsApp and Telegram, popular messaging services, enable attackers to break encryption and take over accounts. Expert Michael Cobb explains how the attacks work.
-
Answer
14 Jul 2017
Android sandboxing tools: How can work data separation be bypassed?
Android for Work's sandboxing tools, which split work and personal profiles, can be bypassed with a proof-of-concept attack. Expert Michael Cobb explains how the attack works.
-
News
14 Jul 2017
Google tackles Android app privacy with machine learning
Google will use machine learning and automated peer review scans to improve Android app privacy and limit app permissions overreach.
By- Michael Heller, TechTarget
-
Answer
12 Jul 2017
What made iOS apps handling sensitive data vulnerable to MitM attacks?
A researcher discovered 76 iOS apps containing sensitive user data that were vulnerable to man-in-the-middle attacks. Expert Michael Cobb explains how developers can prevent this.
-
E-Zine
10 Jul 2017
The best endpoint security practices are evolving and essential
Ever since the first mobile device hit the enterprise network, best endpoint security practices have been a major IT concern. What's happened since then has been a staggering proliferation of the number and types of devices on the network, complicated by increasing numbers of mobile and remote corporate employees, all of which have essentially ended the traditional idea of a corporate network security perimeter. Firewalls and other more traditional security appliances may still be in use, and rightly so, but endpoint security management is more critical than ever in keeping enterprise systems and data safe from malicious actors.
The summer Insider Edition, our Information Security magazine quarterly e-zine, looks at what's new in endpoint security management, from the best endpoint security tools to consider now, and what other efforts beyond tools infosec pros can employ to best secure all those pesky mobile endpoints wandering in and out of corporate corridors.
This Insider Edition offers expert assessments on the endpoint security technology vendors have developed to combat mutating ransomware like WannaCry -- from machine learning to multivendor partnerships to behavior analytics. Also included is an exploration of mobile endpoint security tools like application containers and app wrapping. CISOs must focus now on how the threats, and the technological advances to fight them, are changing and factor these considerations into any endpoint security strategy.
Readers will come away with a deeper understanding of the best endpoint security tools and techniques available and be able to consider the most advanced approaches available to locking down the company data and systems that endpoints can access.
-
Tip
12 Jun 2017
To secure Office 365, take advantage of controls Microsoft offers
Securing Office 365 properly requires addressing upfront any specific risks of a particular environment and taking advantage of the many security controls Microsoft offers.
By- Kevin Beaver, Principle Logic, LLC
-
Tip
12 Jun 2017
Office 365 security features: As good as it gets?
Online and application security is never perfect, but Office 365 security features come close. Here's an overview of how Microsoft installed security in its popular suite.
By- Kevin Beaver, Principle Logic, LLC
-
Tip
12 Jun 2017
Address Office 365 security concerns while enjoying its benefits
Office 365 security concerns should worry you but not dampen your enthusiasm for the platform's potential benefits for your business. Here's what you need to consider upfront.
By- Kevin Beaver, Principle Logic, LLC
-
Tip
06 Jun 2017
How mobile application assessments can boost enterprise security
Mobile application assessments can help enterprises decide which apps to allow, improving security. Christopher Crowley of the SANS Institute discusses how to use app assessments.
By- Christopher Crowley
-
News
26 May 2017
Artificial intelligence data privacy issues on the rise
End users are in the crosshairs of business data privacy issues, especially when it comes to information gleaned from artificial intelligence technologies.
By- Alyssa Provazza, Editorial Director
-
News
19 May 2017
Google Play Protect looks to bolster Android app security
News roundup: The new Google Play Protect system aims to improve Android app security. Plus, Google Cloud IoT Core adds layer of device security, and more.
By- Madelyn Bacon, TechTarget
-
Tip
17 May 2017
What the end of hot patching mobile apps means for enterprise security
Apple now restricts mobile app developers from using hot patching, as the technique can change app behavior after it is reviewed. Expert Kevin Beaver goes over enterprise concerns.
By- Kevin Beaver, Principle Logic, LLC