how to prevent MFA Bypass attacks, a more common tool for cybercriminals to exploit mobile apps.

In this blog post, I’ll discuss how to prevent MFA Bypass attacks which are becoming an increasingly more common tool for cybercriminals to compromise iOS and Android apps and steal user data.

Multi-factor authentication (MFA) is one of the best practices most widely recommended by security experts to defend against unauthorized access to sensitive systems and data via insecure mobile apps. It’s alarming, though not terribly surprising, to see that hackers are getting better at defeating security defenses using a variety of sophisticated MFA Bypass methods. They are even using malware, bots, and highly automated tools and techniques to…


Hackers Jailbreak iPhones to compromise iOS and gain full administrative control over the environment

And why no mobile app is safe on a Jailbroken iPhone

What is Jailbreaking iOS — ie: What does it mean to Jailbreak an iPhone?

Jailbreaking is the process of unlocking the iOS operating system on an Apple mobile device. Jailbreaking is a form of administrative privilege escalation, which bypasses Apple’s restrictions, resulting in full administrative control over the OS (the highest level of administrative privilege possible). Jailbreaking is often accomplished by exploiting bugs in Apple’s software/firmware or modifying system kernels to allow read and write access to the file system. Jailbreaking is one of the primary methods/tools for every hacker — both black hat hackers and white hat hackers (eg: penetration testers or security researchers). They all use Jailbreaking in similar ways (to compromise…


How to use SSL Certificate Validation & Certificate Pinning to Prevent Phishing

What is Mobile Phishing?

Mobile Phishing is a cybercrime in which an attacker impersonates a legitimate/trusted institution and uses social engineering techniques to trick mobile users into doing what the hacker wants. The goal of phishing is usually either to trick mobile users into providing sensitive information (e.g. PII, username/password, SSN, banking details, credit card info, etc.) or to download/install malware (for example using a fake app, or clone, or malware embedded inside a legitimate app). There are many different forms and variants of phishing, such as spearphishing (high-value targets, usually execs), vishing (voicemail based), smishing (SMS based), and much more. Phishing…


How I fixed vulnerabilities in Uber’s mobile app in minutes without coding

In preparing for APIWorld I came across a Forbes article about a vulnerability in Uber’s Mobile API, which prompted me to ask the question: how secure are your Mobile APIs? I decided to have a look at Uber’s app myself and build mobile app and API security into the Uber app using a no-code platform. I recorded a video showing how I secured the app. You can view the video at the bottom of this blog post.

Back to the API Security vulnerabilities found by the security researcher: The Forbes article explains how a white-hat security researcher was able to…


I want to thank everyone for reading my 1st blog on Appdome’s COVID-19 Mobile Consumer Survey. That blog revealed critical mobile consumer data, from over 4000 respondents in the United States and globally: (1) consumers are using mobile apps more than ever in COVID-19, (2) consumer confidence in using mobile apps is at an all-time low, and (3) more than two-thirds of mobile app consumers feel very strongly that mobile app makers have a higher duty to protect mobile apps and users in COVID-19.

In this blog, I’ll cover the threats mobile consumers fear most. Understanding this voice of the…


This article provides detailed information on no-code mobile app obfuscation, including detailed step-by-step instructions on how to implement obfuscation in any iOS or Android app in seconds — no coding required.

About Mobile App Obfuscation

In recent years, decompilers have reached a maturity level that allows recovering source code from mobile apps with ease. Obfuscation has become a well-established preventive measure developers use against static reverse engineering attempts.

Several things set the various obfuscation solutions apart:

  1. Ease of use
    This can range from using specialized compilers to post-build tools.
  2. Performance
    Some obfuscation methods incur a performance penalty, while others do not…

Appdome’s COVID-19 Mobile Consumer Survey — Security Expectations

Consumer Expectations About Mobile Security

COVID-19 has transformed the mobile app economy in some big ways. Overnight, more people and more businesses than ever are using and relying on mobile apps. Here at Appdome, we wanted to know whether mobile consumer expectations about the security in mobile apps have also shifted, and if so, by how much, so we asked mobile users directly. Understanding mobile consumer perspectives is critical to building sustainable mobile economies, protecting mobile data, and protecting mobile users. We hope you find this COVID-19 Mobile Consumer Survey research useful in building your own mobile business.

Executive Summary of Appdome’s COVID-19 Mobile Consumer Survey

This is a four-part blog series…


Working in mobile security over the last 5 years, I often get asked the same combination or variant of the following questions:

  1. What’s the difference between native apps and non-native apps?
  2. What’s the difference between “cross-platform” apps and “hybrid apps”?
  3. How do cross-platform apps and hybrid apps relate to the ‘native vs non-native’ app question?
  4. And finally what are Progressive Web Apps (PWA) and how do they fit into the mix?

Sooooo, if you’re not a mobile developer this all may sound like alphabet soup to you. Well, don’t worry, you’re not alone. As I said, I get these questions all…


Mobile app obfuscation is one of the best defenses for preventing reverse engineering of Android and iOS apps and thwarting hacking attempts. Hackers use reverse engineering techniques, such as static and dynamic code analysis, to learn how your app functions and to understand the app’s logic. They later use this knowledge to attack your app and exploit its weaknesses and vulnerabilities.

What is mobile app obfuscation?

In mobile app development, obfuscation is the process of obscuring or scrambling your compiled app’s source or binary code so that it’s not readable or otherwise understandable to hackers — all without impacting your code’s function. It’s one…

AlanB

ALAN BAVOSA is VP of Security Products at Appdome, a no-code mobile app security and development platform.
