In this blog post, I’ll discuss how to prevent MFA Bypass attacks which are becoming an increasingly more common tool for cybercriminals to compromise iOS and Android apps and steal user data. Multi-factor authentication (MFA) is one of the most widely recommended best-practices that security experts recommend — to defend…

For brands that rely on Android and iOS apps as a key part of their business (which is most brands today), protecting the information stored in or used by mobile apps is critical to protecting your intellectual property and ensuring a secure mobile experience for your users. For many organizations…

Parallel Space is a popular virtualization app that allows mobile users to make clones of Android apps and create multiple accounts for the same app that can run on the same physical “device”. It works by creating a separate container (an isolated environment where you can run other apps inside…

What “Shift Left” security really means for SDK Vendors Shift left your application security. Just press the pause button on your continuous delivery pipeline and ask your developers to download our poorly documented SDK…err…actually email our devrel team for the sdk cuz we don’t publish our sdk to the public…

In this blog post, I’ll discuss the security implications of crypto wallets and offer some tips to mobile developers on how to secure crypto wallets and protect their users’ crypto. There’s no denying that the crypto market is on fire. Whether you consider it to be ‘all-hype’ or ‘the future…

This is a multi-part blog series on mobile SDKs. I’ll describe mobile SDKs from a comprehensive standpoint and answer all the burning questions you might have about mobile SDKs, including: What are mobile SDKs, how are they used, why do people create them, and why are they important to the…

This is a multi-part blog series about Reverse Engineering, a fundamental building block in every hacker’s tool-chain for compromising mobile applications. Throughout different blogs in this series, I’ll explain the major types of reverse engineering (including static analysis and dynamic analysis), including why hackers do it, what information they learn…

DevSec Blog | How to Block StrandHogg Malware on Android Apps Overlay Attacks — a New Spin on an Old Trick —How StrandHogg innovates To Stay Relevent This blog post is a continuation of my previous blog on how malware adapts itself and evolves based on conditions it encounters in…

The state of mobile app security is weak AF; a large majority of Android and iOS apps lack even the most basic security protections and can be compromised with very little time and effort. At my company, our white-hat security team routinely tests a wide variety of Android and iOS…