Application Security: Why Skipping the Audit Can Risk Your Investment

It’s all over the news lately: new, flashy apps make it out of the oven, get great press coverage—and are hacked days later. Even the satirically simple app Yo, which sends a “Yo” message to a user’s friends, was a victim. In many cases, app developers could have easily avoided massive blows to their reputations […]

Dispelling the “What Mobile Security Threat?” Myth

Post 1 of 6: Dispelling Mobile App Security Myths – Myth #1 This is post one in a series on Mobile Application Security. Mobile applications are everywhere. The growth of enterprise mobile apps in the past few years has been absolutely staggering. Forrester Research reports that 23 percent of the workforce has downloaded 11 or […]

Stop Freaking Out About Facebook Messenger

Facebook recently announced that mobile chat functionality would soon require users to install Facebook Messenger. Fueled by the media, many people have been overreacting about the permissions that Messenger requests before taking time to understand what the true privacy implications were. In a nutshell, Messenger is hardly an outlier relative to the other social media […]

I Forgot My Wallet. Can I Borrow Yours?

Ever forget your wallet? I do. All the time. If I wasn’t in the security industry, an ability to pay for things with my cell phone (which is never too far from my grasp) would be attractive to me. But LifeLock’s recent move to pull their Mobile Wallet application from the app store and delete […]

Shining a Flashlight on Mobile Application Permissions

The Federal Trade Commission (FTC) recently completed and announced the terms of a settlement with GoldenShore Technologies, a one-man development shop based out of Idaho and creator of the popular “Brightest Flashlight” application for Android. Back in December the FTC, in response to a number of complaints, began investigating the app, which was doing a […]

Introducing the iOS Reverse Engineering Toolkit

It should be the goal of every worker to expend less time and energy to achieve a task, while still maintaining, or even increasing, productivity. As an iOS penetration tester, I find myself repeating the same manual tasks for each test. Typing out the same commands to run various tools that are required to help […]

How Angry is That Bird?

The news regarding the NSA and its British counterpart discussed how the Angry Birds app was targeted as a means to collect personal information about app users. Presumably the agencies were collecting data that the app was already accessing as part of its normal operations. What data is being accessed and should it concern us?

We performed a behavioral analysis on Angry Birds for Android with our mobile application reputation service. Here’s what we found.

Mobile Myth: iOS is Safer Than Android

It’s easy to be lulled into a false sense of security when you’re using an iphone, but is iOS really the better smartphone operating system when it comes to malware?

According to F-Secure Labs’ latest Mobile Threat Report, malware authors continue to concentrate on the Android platform with 252 new threat families and variant families.  The report also shows that 81% of discovered threats are profit motivated. So what does this mean? Most bad guys are still looking for cash with their malware!

Fake Weather Channel App Serving up Malware

Top weather app in Google Play ‘Weather Channel VDO‘ looks to be serving more than the forecast. Capabilities include accessing device and carrier information, and examining account and file system. This app is performing Trojan like-capabilities, downloading a 466 kB file from an IP address listed as a known virus site. Findings also include an association with known adware.

Learn more about Veracode’s mobile application reputation service.

Food for Thought: Mobile Application Security & HIPAA

As a pentester, it’s always a different story when we are the ones writing the report. Being on the receiving end is stressful, even more so when you throw compliance into the mix. I figured since I have been fielding questions left and right about what to do when it comes to mobile applications and HIPAA compliance, I would simply write a blog post on the topic.

1 2 3