MitM Attack - Tagged - Security Boulevard
The Home of the Security Bloggers Network

Revealed: Facebook’s “Incredibly Aggressive” Alleged Theft of Snapchat App Data https://securityboulevard.com/2024/03/ghostbusters-facebook-theft-snapchat-richixbw/ Wed, 27 Mar 2024 17:14:37 +0000 https://securityboulevard.com/?p=2013174 Smokey Bear / This-is-fine crossover

Meta MITM IAAP SSL bump: Zuck ordered “Project Ghostbusters”—with criminal consequences, says class action lawsuit.

The post Revealed: Facebook’s “Incredibly Aggressive” Alleged Theft of Snapchat App Data appeared first on Security Boulevard.

The Limitations of Google Play Integrity API (ex SafetyNet) https://securityboulevard.com/2023/12/the-limitations-of-google-play-integrity-api-ex-safetynet/ Wed, 20 Dec 2023 17:10:26 +0000 https://blog.approov.io/limitations-of-google-play-integrity-api-ex-safetynet Statue of Android guy with PlayStore logo in grounds outside Google campus

This overview outlines the history and use of Google Play Integrity API and highlights some limitations. We also compare and contrast Google Play Integrity API with the comprehensive mobile security offered by Approov. The imminent deprecation of Google SafetyNet Attestation API means this is a good time for a comprehensive evaluation of solutions in this space.

The post The Limitations of Google Play Integrity API (ex SafetyNet) appeared first on Security Boulevard.

SSH FAIL: Terrapin Attack Smashes ‘Secure’ Shell Spec https://securityboulevard.com/2023/12/ssh-terrapin-attack-richixbw/ Wed, 20 Dec 2023 16:45:32 +0000 https://securityboulevard.com/?p=2002628 Line drawing of a diamondback terrapin

Testy Testudine: Lurking vuln in SSH spec means EVERY implementation must build patches.

The post SSH FAIL: Terrapin Attack Smashes ‘Secure’ Shell Spec appeared first on Security Boulevard.

The Security Threats to Mobile Crypto Apps and How to Protect Them https://securityboulevard.com/2023/07/the-security-threats-to-mobile-crypto-apps-and-how-to-protect-them/ Fri, 28 Jul 2023 08:04:49 +0000 https://blog.approov.io/the-security-threats-to-mobile-crypto-apps-and-how-to-protect-them Crypto coins on a phone with open Binance app

The last year has not been great for crypto. Most cryptocurrencies, including Bitcoin, experienced significant loss of value, and we saw high-profile exchanges like FTX collapse. In addition, hackers were actively stealing cryptocurrency. The blockchain company Chainalysis calculated that $3.8bn was stolen by hackers in 2022.

The post The Security Threats to Mobile Crypto Apps and How to Protect Them appeared first on Security Boulevard.

‘BrutePrint’ Unlocks Android Phones — Chinese Researchers https://securityboulevard.com/2023/05/bruteprint-android-biometric-richixbw/ Wed, 24 May 2023 17:21:10 +0000 https://securityboulevard.com/?p=1976263

Or, at least, OLDER phones: SPI/TEE MITM FAIL

The post ‘BrutePrint’ Unlocks Android Phones — Chinese Researchers appeared first on Security Boulevard.

What is Runtime Application Self-Protection (RASP)? https://securityboulevard.com/2023/04/what-is-runtime-application-self-protection-rasp/ Thu, 06 Apr 2023 11:45:12 +0000 https://blog.approov.io/what-is-runtime-application-self-protection-rasp Cybersecurity concept with text What is Runtime Application Self-Protection

Runtime Application Self-Protection (RASP) is a security technology that is designed to protect applications from attacks while the application is running. It works by embedding a security mechanism directly into the application, which allows it to monitor the application's behavior and detect and prevent malicious activities in real-time.

The post What is Runtime Application Self-Protection (RASP)? appeared first on Security Boulevard.

Mobile App Security: Uncovering the Risks of Secret Theft at Runtime https://securityboulevard.com/2023/03/mobile-app-security-uncovering-the-risks-of-secret-theft-at-runtime/ Wed, 15 Mar 2023 16:26:00 +0000 https://blog.approov.io/mobile-app-security-uncovering-the-risks-of-secret-theft-at-runtime Cyber concept - coloured padlocks on digital background

This is our second blog highlighting the results of the Approov Threat Lab Report.

The post Mobile App Security: Uncovering the Risks of Secret Theft at Runtime appeared first on Security Boulevard.

Do You Want to Know a Secret? Just Take a Look Inside Top Finance Apps https://securityboulevard.com/2023/03/do-you-want-to-know-a-secret-just-take-a-look-inside-top-finance-apps/ Tue, 07 Mar 2023 17:54:58 +0000 https://blog.approov.io/do-you-want-to-know-a-secret-just-take-a-look-inside-the-top-finance-apps Secrets Concept; Dictionary definition of secret

Financial apps have access to valuable and sensitive personal data, so you would think mobile app security would be top-of-mind for financial institutions. But is it? 

The post Do You Want to Know a Secret? Just Take a Look Inside Top Finance Apps appeared first on Security Boulevard.

Is Certificate Pinning Worth it? https://securityboulevard.com/2022/11/is-certificate-pinning-worth-it/ Thu, 24 Nov 2022 10:28:16 +0000 https://blog.approov.io/is-certificate-pinning-worth-it Pinning concept; overhead view of yellow and white push pins on a blue background

In a word - yes; when implemented correctly, certificate pinning is an effective method for securing mobile application traffic by restricting the accepted certificates to just those you are willing to trust. In its most secure manifestation, this trust sits outside the standard TLS certificate store managed by the device.

The post Is Certificate Pinning Worth it? appeared first on Security Boulevard.

What is SafetyNet and How Does it Improve Android Security? https://securityboulevard.com/2022/11/what-is-safetynet-and-how-does-it-improve-android-security/ Mon, 21 Nov 2022 10:55:40 +0000 https://blog.approov.io/what-is-safetynet-and-how-does-it-improve-android-security What is SafetyNet and how does it improve Android security? We look at the security that Google SafetyNet brings and how that will change as it is replaced by Google’s Play Integrity API.

The Google SafetyNet API is a service for verifying the trustworthiness of the Android operating system on a given mobile device. In this article we will look at the security it brings and how that will change as it is replaced by Google’s Play Integrity API.

The post What is SafetyNet and How Does it Improve Android Security? appeared first on Security Boulevard.
