In this blog post, I’ll discuss how to prevent MFA Bypass attacks, which are becoming an increasingly common tool for cybercriminals to compromise iOS and Android apps and steal user data.
Multi-factor authentication (MFA) is one of the best practices most widely recommended by security experts to defend against unauthorized access to sensitive systems and data via insecure mobile apps. It’s alarming, though not terribly surprising, to see that hackers are getting better at defeating security defenses using a variety of sophisticated MFA Bypass methods. They are even using malware, bots, and highly automated tools and techniques to…
Jailbreaking is the process of unlocking the iOS operating system on an Apple mobile device. Jailbreaking is a form of administrative privilege escalation, which bypasses Apple’s restrictions, resulting in full administrative control over the OS (the highest level of administrative privilege possible). Jailbreaking is often accomplished by exploiting bugs in Apple’s software/firmware or modifying system kernels to allow read and write access to the file system. Jailbreaking is one of the primary methods/tools for every hacker — both black hat hackers and white hat hackers (e.g., penetration testers or security researchers). They all use Jailbreaking in similar ways (to compromise…
Mobile Phishing is a cybercrime in which an attacker impersonates a legitimate/trusted institution and uses social engineering techniques to trick mobile users into doing what the hacker wants. The goal of phishing is usually either to trick mobile users into providing sensitive information (e.g. PII, username/password, SS #, banking details, credit card info, etc.) or to download/install malware (for example using a fake app, or clone, or malware embedded inside a legitimate app). There are many different forms and variants of phishing, such as spearphishing (high-value targets, usually execs), vishing (voicemail based), smishing (SMS based), and many more. Phishing…
In preparing for APIWorld, I came across a Forbes article about a vulnerability in Uber’s Mobile API, which prompted me to ask the question: how secure are your Mobile APIs? I decided to have a look at Uber’s app myself and build mobile app and API Security into the Uber app using a no-code platform. I recorded a video showing how I secured the app. You can view the video at the bottom of this blog post.
Back to the API Security vulnerabilities found by the security researcher: The Forbes article explains how a white-hat security researcher was able to…
I want to thank everyone for reading my 1st blog on Appdome’s COVID-19 Mobile Consumer Survey. That blog revealed critical mobile consumer data, from over 4000 respondents in the United States and globally: (1) consumers are using mobile apps more than ever in COVID-19, (2) consumer confidence in using mobile apps is at an all-time low, and (3) more than two-thirds of mobile app consumers feel very strongly that mobile app makers have a higher duty to protect mobile apps and users in COVID-19.
In this blog, I’ll cover the threats mobile consumers fear most. Understanding this voice of the…
This article provides detailed information on no-code mobile app obfuscation, including detailed step-by-step instructions on how to implement obfuscation in any iOS or Android app in seconds — no coding required.
In recent years, decompilers have reached a maturity level that allows recovering source code from mobile apps with ease. Obfuscation has become a well-established preventive measure developers use against static reverse engineering attempts.
What sets various obfuscation solutions apart is several things:
COVID-19 has transformed the mobile app economy in some big ways. Overnight, more people and more businesses than ever are using and relying on mobile apps. Here at Appdome, we wanted to know if mobile consumer expectations about the security in mobile apps have also shifted. And if so, by how much — so we asked mobile users directly. Understanding mobile consumer perspectives is critical to building sustainable mobile economies, protecting mobile data, and protecting mobile users. We hope you find this COVID-19 Mobile Consumer Survey research useful in building your own mobile business.
This is a four-part blog series…
Working in mobile security over the last 5 years, I often get asked the same combination or variant of the following questions:
Sooooo, if you’re not a mobile developer this all may sound like alphabet soup to you. Well, don’t worry, you’re not alone. As I said, I get these questions all…
Mobile app obfuscation is one of the best defenses to prevent reverse engineering of Android and iOS apps to thwart hacking attempts. Hackers use reverse engineering techniques, such as static and dynamic code analysis, to learn how your app functions and to understand the app’s logic. They use this knowledge later to attack your app and exploit your app’s weaknesses and vulnerabilities.
In mobile app development, obfuscation is the process of obscuring or scrambling your compiled app’s source or binary code so that it’s not readable or otherwise understandable to hackers — all without impacting your code’s function. It’s one…
ALAN BAVOSA is VP of Security Products at Appdome, a no-code mobile app security and development platform.