Richard Taylor

Approov iOS Native Integration QuickStarts

Sun 17 May 2020 By Richard Taylor

Category: Integration, iOS, Mobile App Authentication, Mobile App Development, Certificate Pinning, API Security

Photo by Evgeni Tcherkasski on Unsplash

Read More

Preventing Faked Proximity

Fri 15 May 2020 By Richard Taylor

Category: Threats, MitM Attack, API Abuse, API Security, Healthcare

We’ve been thinking a lot about contact tracing apps in recent weeks. There are ongoing debates about whether a centralised or decentralised model is superior, and how the ensuing discussions around privacy will impact their takeup.

Read More

Quick Analysis: NHSX Contact Tracing App

Mon 11 May 2020 By Richard Taylor

Category: Reverse Engineering, Threats, API, Mobile App Development, MitM Attack, Certificate Pinning, API Abuse, API Security

When the NHSX contact tracing app was made available in the app stores last Thursday we decided to take a quick look at its operation and how the code has been put together. We used the Android version and the excellent MobSF tools to do our reversing analysis. On Friday the full source code of the app was also published on github

Read More

UK Contact Tracing App Privacy Risks

Tue 05 May 2020 By Richard Taylor

Category: Threats, Mobile App Development, API Security, Healthcare

More details of the UK's controversial NHSX contact tracing app are being released as the app starts a wider scale trial on the Isle of Wight this week. NHSX is a digital transformation group associated with the UK National Health Service.

Why controversial? There are many reasons, some to do with how the app development was initially procured, but also specifically from a technical perspective as the UK has opted for a centralised contact tracing approach rather than the decentralised model being championed by Apple and Google amongst others (including ourselves).

Read More

Approov Enhanced App Bundle Support

Fri 01 May 2020 By Richard Taylor

Category: Integration, Android, Mobile App Authentication, Mobile App Development, API Security

Photo by Digital Buggu from Pexels

Google announced Android App Bundles a couple of years ago at I/O 2018. App Bundles are a new app publishing format providing new features that have rapidly driven their adoption. In particular App Bundle delivery enables automatic splitting of various assets within the overall app package, so they are only delivered to a device if they are actually needed.

Read More

Approov React Native Quickstart

Thu 30 April 2020 By Richard Taylor

Category: Integration, ReactNative, Mobile App Authentication, Mobile App Development, API Security

Photo by Ferenc Almasi on Unsplash

React Native is a very popular framework for building cross platform apps. Apps are developed in Javascript, but with full support for inclusion of native iOS or Android libraries where that is necessary. You shouldn’t need to compromise on security though just because you are using a higher level framework rather than developing native apps. Our React Native Quickstart allows you to easily get up and running with Approov, whether you are building a new app or adapting an existing one to have an improved security posture.

Read More

Approov Backend Quickstarts

Wed 29 April 2020 By Richard Taylor

Category: Integration, Mobile App Authentication, API, MitM Attack, Certificate Pinning, API Security

Photo by Ankush Rathi from Pexels

Approov lets your mobile app prove to a backend API that it really is the official mobile app making the call, and that it is not running in an environment that may be compromised. Only requests from the apps that you specifically allow can make successful requests.

Read More

Approov Android Native Integration QuickStarts

Tue 28 April 2020 By Richard Taylor

Category: Integration, Android, Mobile App Authentication, Mobile App Development, Certificate Pinning, API Security

Photo by Pathum Danthanarayana on Unsplash

Our aim is to make the process of integrating Approov into your mobile app as simple as possible. Our Quickstart guides show you how to Approov into your app, tailored to whatever framework or programming style you’ve already adopted. In this blog we are going to cover the comprehensive options we have for Android Native app development.

Read More

Cloner Apps: Playing in a Shared Sandbox

Mon 27 April 2020 By Richard Taylor

Category: Android, Mobile App Authentication, Repackaged Apps, Threats, Fintech

Image by Andrew Martin from Pixabay

The Android app store contains numerous Cloner Apps. These are an increasingly popular category that allow you to have multiple accounts associated with an app, such as a social media or messaging app. Our analysis shows that such apps introduce some really concerning potential security isolation risks that you should be aware of so that you can decide if you want to enable features to block the use of such cloner apps with your own app.

Read More

Contact Tracing Apps: Privacy vs. Security?

Thu 16 April 2020 By Richard Taylor

Category: Mobile App Authentication, Threats, API, API Abuse, API Security, Healthcare

Photo by Fusion Medical Animation on Unsplash

Last Friday, there was an unusual joint announcement from Apple and Google providing details of a new phone API for Covid-19 contact tracing via Bluetooth. The protocol allows mobile phones to continually transmit Bluetooth advertisements to one another. This includes a proximity identifier derived from randomly generated keys that can be held secretly on each device. If a phone user is later diagnosed with Covid-19, they are able to upload the daily tracing keys for those days when they might have been infectious. 

Read More

Page 1 of 3