Showing episodes and shows of

Approov Limited

Shows

Upwardly Mobile - API & App Security NewsUpwardly Mobile - API & App Security NewsThe Fitify Fiasco: Unpacking 300K Photos Exposed via Hardcoded App Secrets!The Fitify Fiasco: Unpacking 138K Private Progress Photos, 206K Profile Photos & Hardcoded App SecretsWelcome to Upwardly Mobile! In today's episode, we dive deep into the recent massive data leak involving the popular iOS fitness app, Fitify, affecting over 25 million users globally. We'll explore the critical security vulnerabilities exposed and discuss how adherence to standards like OWASP MASVS and advanced solutions like Approov can protect your mobile apps and user data. The Fitify Fiasco: The Cybernews research team recently uncovered a significant data breach with Fitify, a widely used iOS fitness app. Their investigation...2025-07-2109 minUpwardly Mobile - API & App Security NewsUpwardly Mobile - API & App Security NewsThe $7M Blindspot: Mobile App Security's Hidden Costs and Fortifying APIs with Zero TrustIn this episode of Upwardly Mobile, we dive deep into the critical, yet often underestimated, world of mobile app security. Drawing on recent research, we uncover a staggering misalignment between perception and reality, highlighting why organizations are facing an average of nine mobile app security incidents per year, with an average financial toll reaching $6.99 million in 2025.While 93% of organizations believe their mobile app protections are sufficient, a substantial 62% have experienced at least one security incident in the past year. The repercussions extend beyond financial losses, including application downtime, sensitive data leaks...2025-07-1713 minUpwardly Mobile - API & App Security NewsUpwardly Mobile - API & App Security NewsSmart Home Security: Navigating IoT Risks with Advanced Mobile App ProtectionIn this episode, we dive deep into the pressing concerns of Internet of Things (IoT) security, especially within our increasingly connected smart homes. 
From smart refrigerators to water shut-off valves, these devices offer immense convenience but also present tempting targets for cybercriminals. We'll explore the array of vulnerabilities, real-world attack statistics, and the innovative solutions emerging to protect our digital and physical spaces.Key Discussion Points:The Alarming State of IoT Security:A shocking 57% of IoT devices are vulnerable to medium- or high-severity attacks, with 70% having serious security vulnerabilities overall.A staggering 98% of IoT device traffic is unencrypted...2025-07-1414 minUpwardly Mobile - API & App Security NewsUpwardly Mobile - API & App Security NewsUnlocking Zero Trust for Mobile Apps: Bridging the Security GapIn this insightful episode of "Upwardly Mobile," we look into the critical importance of extending Zero Trust principles to consumer-facing mobile applications. Despite the widespread adoption of the "never trust, always verify" security model across enterprises, mobile apps often remain a significant blind spot, operating in uncontrolled and untrusted environments. This oversight exposes organizations to sophisticated attacks, directly impacting customer trust, regulatory compliance, and revenue.Why is mobile the weakest link in today's Zero Trust architecture and how modern threats like silent escalation, runtime tampering, and reverse engineering specifically target the post-installation, runtime environment of mobile apps. With...2025-07-1112 minUpwardly Mobile - API & App Security NewsUpwardly Mobile - API & App Security NewsQantas Under Siege: Unpacking the Third-Party Data Breach & Scattered Spider's ThreatQantas Under Siege: Unpacking the Third-Party Data Breach & Scattered Spider's ThreatIn this episode of "Upwardly Mobile," we dive deep into the recent cyberattack on Qantas, Australia’s leading airline, which confirmed on July 2, 2025, that it experienced a cyberattack on a third-party customer service platform in one of its call centers. 
This incident raised significant alarms, especially just before the busy July 4th travel season in the United States.Key Takeaways from the Breach:Significant Data Compromise: Qantas reported that approximately 6 million customers have service records in the affected pl...2025-07-0713 minUpwardly Mobile - API & App Security NewsUpwardly Mobile - API & App Security NewsFortify Your Phone: Android 16's Advanced Security FeaturesFortify Your Phone: Android 16's Advanced Security FeaturesIn this episode, we'll explore two of the most impactful security features in Android 16 that you need to know about: Advanced Protection and Identity Check, along with other significant API security improvements.Key Features and Insights:Android 16's Focus on Security: Despite foundational work for future design and multitasking changes, Android 16's initial rollout emphasizes "significant security enhancements" designed to make a "meaningful difference" in data protection. Android 16 sets the stage for the platform's most dramatic reinvention in ages...2025-07-0415 minUpwardly Mobile - API & App Security NewsUpwardly Mobile - API & App Security NewsIndependence Day: Cloudflare's Dual Defense for Mobile Apps & Original ContentIndependence Day: Cloudflare's Dual Defense for Web Mobile Apps & Original ContentWelcome to "Upwardly Mobile"! 
In this episode, we dive deep into Cloudflare's groundbreaking efforts to protect both mobile applications and original online content from the escalating challenge of AI bots and data scrapers.Key Topics Covered:Protecting Mobile Applications from AI Bots:Cloudflare's AI bot blocking features are fully capable of protecting mobile APIs.Their Bot Management system analyzes incoming traffic without differentiating between desktop and mobile user agents when scoring bot activity.Leveraging machine...2025-07-0216 minUpwardly Mobile - API & App Security NewsUpwardly Mobile - API & App Security NewsUnpacking the WestJet Cyberattack | Mobile API Security & Threats to AirlinesUnpacking the WestJet Cyberattack | Mobile App Security and Aviation ThreatsJoin us on "Upwardly Mobile" as we dissect the significant WestJet cyberattack, an incident that brought to light critical vulnerabilities in mobile application security and backend systems within the aviation sector. Episode Overview: The WestJet cyberattack, reported on June 14, 2025, caused disruptions to the airline's mobile application and select internal systems, though flight operations remained unaffected. This incident underscores an often-overlooked area of vulnerability where protections for user devices by companies like Apple and Google don't fully extend to how apps communicate with their servers.2025-06-3016 minUpwardly Mobile - API & App Security NewsUpwardly Mobile - API & App Security NewsApple's EU App Store Overhaul | Fees, Fines, and the Fight for DMA ComplianceUnpacking Apple's EU App Store Overhaul: Fees, Fines, and the Fight for DMA ComplianceJoin us on "Upwardly Mobile" as we dive deep into Apple's latest App Store changes in the European Union, a direct response to the stringent Digital Markets Act (DMA). Faced with a hefty €500 million (about $570 million) penalty from the EU for "anti-steering" practices, Apple has introduced a complex new fee structure that's shaking up the mobile app ecosystem. 
What You'll Learn in This Episode:The New Tier System for Store Services Fees: Discover how Apple's new two-tier system impacts developers. Tier 1 offers ba...2025-06-2816 minUpwardly Mobile - API & App Security NewsUpwardly Mobile - API & App Security NewsWhy the Open App Markets Act Matters?Why the Open App Markets Act MattersEpisode Notes:Join us on "Upwardly Mobile" as we delve into the critical issue of how Apple and Google's dominant control over the mobile app ecosystem is stifling innovation in mobile app security and potentially increasing long-term consumer cyber risk. While both companies, especially Apple, are currently seen as doing a "reasonable job" with cybersecurity within their closed environments, experts warn that this "monoculture protection" is not sustainable against evolving threats from nation-states, criminal groups, and AI.The Problem with App Store Monopolies: The core...2025-06-2615 minUpwardly Mobile - API & App Security NewsUpwardly Mobile - API & App Security NewsThe 16 Billion Credential Crisis: Blueprint for Mass ExploitationThe 16 Billion Password Leak: Securing Your Digital FootprintEpisode Notes:In this crucial episode of "Upwardly Mobile," we delve into the recent confirmation of what researchers believe is the largest password leak in history, exposing an astounding 16 billion login credentials [1-4]. 
This "mother of all leaks" involves a vast number of compromised records, with researchers discovering "30 exposed datasets containing from tens of millions to over 3.5 billion records each" [3, 4].Understanding the Massive Breach:• Scope of Compromise: The leaked data includes billions of login credentials from social media, VPNs, developer portals...2025-06-2514 minUpwardly Mobile - API & App Security NewsUpwardly Mobile - API & App Security NewsSecuring Critical Mobile Medical Apps | FDA Regulations & CybersecurityFDA Regulation and Cybersecurity for Life-Critical Health AppsWelcome to "Upwardly Mobile," the podcast exploring the intersection of mobile technology, health, and regulation. In this episode, we dive deep into the world of Mobile Medical Apps (MMAs), understanding how the FDA ensures their safety and effectiveness, and why cybersecurity is absolutely non-negotiable in this rapidly evolving landscape.What You'll Learn:• The Rise of mHealth: Mobile health (mHealth) apps are revolutionizing healthcare, empowering patients with personalized monitoring, tracking, and therapeutic support1. The regulated medical apps market is projected to reach a staggering $156 bil...2025-06-2312 minUpwardly Mobile - API & App Security NewsUpwardly Mobile - API & App Security NewsGodFather Malware | The Virtual App Deception You Won't See ComingGodFather Malware: The Virtual App Deception You Won't See ComingEpisode Notes:GodFather Malware's Stealthy Installation & Virtualization Attack In this episode of "Upwardly Mobile," we dive deep into the sophisticated threat posed by the GodFather Android malware, a dangerous new version that's hijacking legitimate mobile applications, especially banking and cryptocurrency apps, by turning your own device into a spy. We'll uncover its deceptive installation methods and its advanced on-device virtualization technique that makes it nearly impossible to detect visually. 
How GodFather Malware Gets Installed: Beyond the Play Store The GodFather malware doesn't come...2025-06-2014 minUpwardly Mobile - API & App Security NewsUpwardly Mobile - API & App Security NewsGoogle Play Store Crypto Scam | Protecting Your Wallets from Malicious Apps!Protecting Your Crypto Wallets from Deceptive AppsA critical cybersecurity threat that has impacted cryptocurrency users on the Google Play Store. In this episode of Upwardly Mobile, we uncover the alarming findings by Cyble Research and Intelligence Labs (CRIL), who identified over 20 malicious applications actively targeting crypto wallet users [1-4].Key Discoveries and Threat Tactics:• These deceptive apps impersonate legitimate and popular crypto wallets such as SushiSwap, PancakeSwap, Hyperliquid, and Raydium [2-4]. They even use the icons of legitimate wallets to trick victims into trusting them [5].• Once installed, the apps p...2025-06-1715 minUpwardly Mobile - API & App Security NewsUpwardly Mobile - API & App Security NewsApp Store Fees Exposed: Maximize Your Revenue & Bypass the 30% CutStrategies for App Revenue SuccessWelcome to "Upwardly Mobile," the podcast that empowers founders to scale their ventures! In this essential episode, we look into the often-challenging world of app store fees, exploring how Apple and Google claim a significant cut from your hard-earned revenue and, more importantly, how you can navigate these charges to maximise your profit.The Reality of App Store Fees: Discover why Apple and Google typically claim up to 30% of revenue from in-app purchases1. While a reduced 15% rate exists for smaller businesses earning under $1 million annually, founders serious about scaling...2025-06-1220 minUpwardly Mobile - API & App Security NewsUpwardly Mobile - API & App Security NewsCaught Red-Handed: Meta & Yandex's Covert Android Surveillance!Episode Notes:Dive deep into the shocking revelations about covert web-to-app tracking affecting billions of Android users! 
This episode uncovers a novel tracking method employed by tech giants Meta (Facebook Pixel) and Yandex (Yandex Metrica), which silently links your mobile browsing sessions to your long-lived native app identities.Key Discoveries:• The Localhost Loophole: Learn how Meta and Yandex exploit unrestricted access to localhost sockets on the Android platform. Native apps like Facebook, Instagram, Yandex Maps, Navigator, Browser, and Search listen on fixed local ports (e.g., Meta uses UDP ports 12580-12585; Yandex uses...2025-06-0924 minUpwardly Mobile - API & App Security NewsUpwardly Mobile - API & App Security NewsCoinbase Strikes Back: $20M Bounty on Cyber ExtortionistsCoinbase Under Attack: The $20 Million Ransom & The Fight Against Social EngineeringJoin us on Upwardly Mobile as we unravel the recent cybersecurity incident that rocked Coinbase, one of the world's leading cryptocurrency exchanges. Discover how a sophisticated social engineering scheme led to a significant data breach, a audacious $20 million ransom demand, and Coinbase's bold refusal to pay the extortionists. Learn about the sensitive customer data that was compromised, the financial impact on the company, and crucial advice for users to stay safe in the ever-evolving digital landscape.Episode Highlights:• The Social Eng...2025-06-0614 minUpwardly Mobile - API & App Security NewsUpwardly Mobile - API & App Security NewsHacking Volkswagen's Mobile App | A Car Security BreachHacking Your Ride: Unpacking Volkswagen's App Flaws & Fortifying Mobility SecurityIn this episode of Upwardly Mobile, we delve into the alarming discovery of significant security flaws in the My Volkswagen mobile app and explore how robust mobile app protection is crucial for the evolving mobility sector. 
Join us as we dissect the vulnerabilities found and discuss solutions to safeguard connected vehicles and sensitive user data.What We Discussed:• The Volkswagen App Hack Explained: We explore how a security researcher, frustrated by not receiving an OTP for a pre-owned car's My Volkswagen app...2025-06-0412 minUpwardly Mobile - API & App Security NewsUpwardly Mobile - API & App Security NewsApple vs Samsung vs Xiaomi: Who is Dominating the Smartphone Battle?This episode delves into the recent dynamics of the global smartphone market based on the latest reports from IDC and Counterpoint Research. After two challenging years of decline, 2024 marked a significant recovery, showing the resilience of the market despite lingering macroeconomic pressures. We explore the factors driving this growth, the changing landscape among major players, the rise of new manufacturing hubs like India, and the exciting role of AI in shaping the future of mobile.Key Highlights:Market Recovery: Global smartphone shipments increased by 6.4% year-over-year in 2024, reaching 1.24 billion units. This follows a period of...2025-06-0211 minUpwardly Mobile - API & App Security NewsUpwardly Mobile - API & App Security NewsNorth Korea's Crypto Heists | Mobile App and API ThreatsNorth Korean Crypto Heists: Mobile and API ThreatsIn this episode of Upwardly Mobile, we delve into the alarming tactics employed by North Korean state-sponsored hackers to siphon billions from the cryptocurrency world. Moving beyond targeting just large exchanges, these sophisticated actors, most notably the infamous Lazarus Group, are increasingly focusing on vulnerabilities in mobile devices and Application Programming Interfaces (APIs), the digital connectors powering our apps.We discuss how your phone, the device you carry everywhere, has become a prime target. 
Hackers are using sophisticated social engineering and phishing campaigns delivered via messaging...2025-05-2311 minUpwardly Mobile - API & App Security NewsUpwardly Mobile - API & App Security NewsBeyond Code Obfuscation | The Non-Negotiable Shift to Dynamic Mobile App SecurityPodcast Title: Upwardly MobileEpisode Title: Beyond Obfuscation: Dynamic Defenses for Modern Mobile SecurityEpisode Summary: In this episode, we dive deep into the evolving landscape of mobile application security. While traditional methods like code obfuscation once offered a basic layer of defense, they are proving increasingly inadequate against today's sophisticated threats. We explore the findings of recent security analyses highlighting widespread vulnerabilities, such as weak cryptography and exposed credentials, even in enterprise apps.  We discuss why static defenses like obfuscation fall short , especially against the rise of AI-powered attacks and the re...2025-05-1807 minUpwardly Mobile - API & App Security NewsUpwardly Mobile - API & App Security NewsFair Play: How Competition Drives UK Growth & Challenges Big Tech's AppStore PowerFair Play: How Competition Policy Drives UK Growth and Challenges Big Tech's App Store PowerIn this episode of Upwardly Mobile, we delve into "Fair Play: How competition policy can drive growth," a briefing paper from the Institute for Public Policy Research (IPPR). Authors George Dibb and Tommaso Valletti argue that a robust competition policy, enforced by a responsive regulator like the Competition and Markets Authority (CMA), is a cornerstone of shared, equitable growth in the UK.The paper highlights how the UK economy is grappling with rising market concentration and stagnant productivity. 
It...2025-05-1507 minUpwardly Mobile - API & App Security NewsUpwardly Mobile - API & App Security NewsThe Signal Clone Crisis: Mike Waltz, TeleMessage, and the Hack That Exposed Sensitive CommsEpisode Summary: In this episode of Upwardly Mobile, we unpack the unsettling incident involving TeleMessage, a modified clone of the secure messaging app Signal, its use by the U.S. government, and the subsequent data breach. We explore how a lack of fundamental security measures like app attestation and token-based API access created gaping vulnerabilities, allowing a hacker to access sensitive archived data. Drawing on insights from the sources, we discuss why encryption alone is insufficient and highlight the urgent need for robust client-side security to protect sensitive communications and safeguard brand trust in the digital age.2025-05-1305 minUpwardly Mobile - API & App Security NewsUpwardly Mobile - API & App Security NewsSecuring AI Agentic Mobile API AccessSecuring APIs: Mobile App Vulnerabilities Meet the Rise of AI AgentsEpisode Notes:Welcome to Upwardly Mobile! In this episode, we delve into the critical and rapidly evolving landscape of API security, focusing on the unique challenges presented by mobile applications and the increasing prevalence of autonomous AI agents accessing these APIs. As AI paradigms become standard, technology is racing to keep up, especially with the shift toward AI agentic API consumption in 2025. This presents significant security considerations, requiring a rethinking of how systems are secured and access is...2025-05-0814 minUpwardly Mobile - API & App Security NewsUpwardly Mobile - API & App Security NewsXiaomi Explores Google-Free HyperOS with Huawei and BBKBeyond Google: HarmonyOS, HyperOS, and Securing the Non-GMS Mobile WorldEpisode Description:Join us as we dive into the evolving landscape of mobile operating systems beyond the familiar Google Mobile Services (GMS) ecosystem. 
We explore how Huawei has achieved significant market success with its HarmonyOS, particularly in China, despite the challenges of being added to the U.S. entity list and losing access to GMS. The sources highlight HarmonyOS NEXT, Huawei's self-developed OS that fully decouples from Android, featuring a China-made kernel and aiming for a large native app ecosystem.This...2025-05-0209 minUpwardly Mobile - API & App Security NewsUpwardly Mobile - API & App Security NewsApple Blasted by Judge: Lying Under Oath and Losing App Store Control -Apple Blasted by Judge: Lying Under Oath and App Store ControlEpisode Notes: In this episode, we dive into the dramatic developments from the ongoing legal battle between Epic Games and Apple. A recent ruling by Judge Yvonne Gonzalez Rogers has delivered a significant blow to Apple's control over its App Store.The judge has banned Apple from charging a commission on purchases made outside the App Store. This stems from Apple's "ongoing anticompetitive behavior", specifically their response to a previous 2021 ruling that required them to allow developers to direct users to...2025-05-0108 minUpwardly Mobile - API & App Security NewsUpwardly Mobile - API & App Security NewsThe Good, The Bad, and The Ugly in Mobile EncryptionUpwardly MobileEpisode Title: The Good, The Bad, and The Ugly in Mobile EncryptionIn this episode of Upwardly Mobile, hosted by George & Skye and sponsored by Approov, we dive deep into the crucial world of encryption algorithms for mobile app developers. Protecting user data is paramount for trust, compliance, and preventing breaches, but navigating the landscape of encryption can be challenging. 
We break down algorithms into three categories: The Good, The Bad, and The Ugly, discussing which ones to use, which to avoid, and learning from past...2025-04-2617 minUpwardly Mobile - API & App Security NewsUpwardly Mobile - API & App Security NewsThe 92% Problem: Why Obfuscation Fails and Dynamic Security is EssentialEpisode Title: The 92% Problem: Moving Beyond Obfuscation to Secure Mobile AppsEpisode Summary: Welcome to another episode of Upwardly Mobile, the podcast that dives deep into the world of mobile app development and security, sponsored by Approov! In this episode, hosts Skye Macintyre and George McGregor tackle a concerning statistic: a new analysis reveals that a staggering 92% of mobile apps use insecure cryptographic methods. We explore the findings of the Zimperium report, "Your Apps are Leaking: The Hidden Data Risks on your Phone," which analyzed over 17,000 enterprise mobile applications and uncovered widespread...2025-04-2108 minUpwardly Mobile - API & App Security NewsUpwardly Mobile - API & App Security NewsThe Critical Imperative of Mobile App Security in 2025The Critical Imperative of Mobile App Security in 2025Welcome back to Upwardly Mobile, the podcast tackling the high-stakes world of mobile app development and API security, sponsored by Approov—the leaders in cross-platform app attestation technology1. In this episode, we delve into the essential reasons why mobile app security is not just important, but a critical imperative in today's digital landscape.Episode Highlights:•The Flourishing Mobile App Market and Growing Threats: We kick off by highlighting the massive growth of the mobile app market, with billions of smartphone users worldwide2. This widespread adoption, whil...2025-04-1814 minUpwardly Mobile - API & App Security NewsUpwardly Mobile - API & App Security NewsApple Under Scrutiny: The EU's DMA in ActionApple Under Scrutiny: The EU's DMA in ActionWelcome back to Upwardly Mobile! 
In this episode, we delve into the latest developments surrounding the European Union's Digital Markets Act (DMA) and its significant impact on major technology companies, particularly Apple. We explore the European Commission's recent guidance aimed at ensuring interoperability on Apple's platforms and the broader implications of this landmark legislation for competition and innovation in the digital marketplace.The DMA, designed to curb anti-competitive behaviour, designates certain large online platforms as "gatekeepers". Companies like Apple are now facing strict requirements to...2025-04-1408 minUpwardly Mobile - API & App Security NewsUpwardly Mobile - API & App Security NewsThe Growing Threat to Mobile APIs: Leaks, Lapses, and Robust DefencesEpisode Title: The Growing Threat to Mobile APIs: Leaks, Lapses, and Robust DefencesEpisode Notes:In this episode of Upwardly Mobile, we delve into the escalating challenges surrounding API security for both web and mobile applications. We explore recent alarming trends, including the leakage of 39 million secret API keys and credentials from GitHub in 2024, highlighting the persistent threat of exposed authentication data such as API keys, credentials, and tokens. This situation has prompted GitHub to launch new security tools to combat this issue. According to GitHub, numerous secrets are blocked every minute with push protection, yet accidental exposure remains a...2025-04-1011 minUpwardly Mobile - API & App Security NewsUpwardly Mobile - API & App Security NewsSecuring Mobile Apps: Approov's Award-Winning Attestation TechnologyUpwardly Mobile - Episode Title: Securing Mobile Apps: Approov's Award-Winning Attestation TechnologyWelcome to Upwardly Mobile, the podcast exploring the latest innovations in mobile technology. In this episode, we delve into the critical world of mobile application security and explore a groundbreaking solution that's garnering industry recognition. 
We focus on Approov Limited and their patented app attestation technology (U.S. Patent 11,163,858 B2). This innovative approach addresses the growing challenge of ensuring the integrity and trustworthiness of mobile applications and their interactions with backend systems.Key Discussion Points:2025-04-0316 minUpwardly Mobile - API & App Security NewsUpwardly Mobile - API & App Security NewsGoogle Goes Private: The Future of Android DevelopmentPodcast Title: Upwardly Mobile Episode Title: Google Goes Private: The Future of Android DevelopmentEpisode Description:In this episode of Upwardly Mobile, we delve into a significant shift in the world of Android development. Google has announced that it will now conduct all Android operating system development internally, moving away from the traditional model where much of the work was visible through the public Android Open Source Project (AOSP). We explore the reasons behind this move, its implications for manufacturers, developers, and the future of the Android ecosystem, especially for non-GMS (Google Mobile Services) devices popular in regions like India...2025-03-3109 minUpwardly Mobile - API & App Security NewsUpwardly Mobile - API & App Security NewsUnlocked and Unsafe? The Truth About iOS JailbreakingUpwardly Mobile - Episode Title: Jailbreaking iPhones: Risks, Detection, and Staying SecureWelcome to Upwardly Mobile, the podcast exploring the latest trends and security challenges in the mobile landscape. In this episode, we delve into the world of iOS jailbreaking, examining the latest developments, the ongoing battle between jailbreak detection and bypass methods, and the significant security implications for both individual users and organisations.Listen as we discuss:What is Jailbreaking? 
We explain what it means to jailbreak an iPhone and the motivations behind it, from...2025-03-2916 minUpwardly Mobile - API & App Security NewsUpwardly Mobile - API & App Security NewsThe Man-in-the-Middle Threat: Understanding and Preventing MitMEpisode Title: Securing Your Connection: A Guide to Preventing MitM AttacksEpisode Description: Man-in-the-Middle (MitM) attacks pose a significant threat to online security, allowing malicious actors to intercept and manipulate communications. This episode delves into what MitM attacks are, how they work, and crucial strategies for prevention, especially for mobile applications. We'll explore the evolving landscape of security measures, including the debate around certificate pinning.Episode Notes:What are Man-in-the-Middle (MitM) attacks?A MiTM attack occurs when a bad actor secretly inserts themselves between two connected parties to read, steal, manipulate, or forward exchanged data. These...2025-03-2013 minUpwardly Mobile - API & App Security NewsUpwardly Mobile - API & App Security NewsBeyond DexGuard: Exploring Advanced Layers of App ProtectionEpisode Notes: In this episode, we delve into the crucial topic of mobile app security, focusing on the concept of hardware-backed key attestation and its role in verifying device integrity. We explore what key attestation is, an enabling feature of the Android ecosystem that allows apps to check if the device's operating system, bootloader, and overall environment have been tampered with. This process often involves leveraging the device's KeyStore to retrieve a certificate chain and verifying the integrity of certificates and root certificates. 
We discuss the potential benefits of key attestation, particularly for applications handling sensitive data in...2025-03-1812 minUpwardly Mobile - API & App Security NewsUpwardly Mobile - API & App Security NewsSecrets Sprawl: The Mobile Security ThreatEpisode Notes: In this episode, we delve into the growing threat of secrets sprawl, particularly for mobile developers. The recent State of Secrets Sprawl 2025 report revealed a concerning 25% increase in hardcoded secrets exposed on GitHub in 2024, with 23.7 million new secrets leaked. We explore why mobile apps are particularly vulnerable, as they often contain API keys, authentication tokens, and other sensitive data that can be easily extracted from hardcoded source code, leading to API abuse, data breaches, and supply chain attacks. We discuss how hardcoded secrets are a major attack vector, with 58% of all leaked credentials in 2024 being generic...2025-03-1432 minUpwardly Mobile - API & App Security NewsUpwardly Mobile - API & App Security NewsUnpacking Mobile Malware: Earth Minotaur, Gamaredon, and GodLoader ThreatsDetails the emerging threats posed by three distinct cybercriminal groups – Earth Minotaur, Gamaredon, and the developers behind GodLoader – as they increasingly target mobile devices running Android and iOS. It outlines the specific malware tools each group employs, such as Earth Minotaur's MOONSHINE exploit kit and DarkNimbus backdoor, Gamaredon's BoneSpy and PlainGnome spyware, and the cross-platform GodLoader malware built using the Godot Engine. 
The text raises concerns about data theft, audio surveillance, sophisticated social engineering tactics, and the challenges of detecting these evolving threats, ultimately urging users to adopt proactive cybersecurity measures to protect their devices.2025-03-1018 minUpwardly Mobile - API & App Security NewsUpwardly Mobile - API & App Security NewsSamsung Galaxy S25 | A Quantum Leap in Mobile Security?This episode explores the groundbreaking security features of the Samsung Galaxy S25, focusing on its implementation of post-quantum cryptography (PQC)1.... Learn how the Galaxy S25 is setting a new standard for mobile security by integrating PQC to protect against future quantum-based cyber attacks1.Key Discussion Points:• The Galaxy S25 is the first smartphone to feature post-quantum cryptography, using the ML-KEM algorithm to protect sensitive data2.• Post-quantum cryptography (PQC) consists of cryptographic algorithms that should be secure against cryptanalytic attacks performed by a quantum computer3.• Knox Vault on the Galaxy S25 employs post-quantum cryptography to secure pe...2025-03-0220 minUpwardly Mobile - API & App Security NewsUpwardly Mobile - API & App Security NewsTgToxic Android Trojan: A Masterclass in Banking MalwareEpisode Notes: In this episode of Upwardly Mobile, we dive deep into the world of Android banking trojans, focusing on the rising threats of ToxicPanda and TgToxic. 
These sophisticated pieces of malware are targeting mobile users across the globe, aiming to steal credentials, cryptocurrency, and funds from banking and finance apps [1, 2].We explore how these trojans operate, their evolution, and most importantly, how you can protect yourself [3, 4].Key Discussion Points:The Threat Landscape: Understanding the basics of mobile banking trojans and their increasing prevalence [2, 5].ToxicPanda: Discover the tactics used by this relatively new trojan, including social engineering...2025-02-2615 minUpwardly Mobile - API & App Security NewsUpwardly Mobile - API & App Security NewsQuokka: Mobile App Security Intelligence for Risk-Based DecisionsIn this episode, we explore how Quokka and Approov provide complete protection for mobile apps and APIs throughout the Software Development Lifecycle (SDLC)1.... Learn how to scan your app using Quokka to quickly identify vulnerabilities and inject security into the development process3. Discover how Approov adds Zero Trust protections against runtime attacks and gains continuous visibility to new threats4.Key Discussion Points:• The mobile threat landscape: Mobile apps are critical for businesses, but they are vulnerable to analysis, cloning, and hacking, which can lead to financial transaction interception, credential theft, and API targeting5. Cur...2025-02-2312 minUpwardly Mobile - API & App Security NewsUpwardly Mobile - API & App Security NewsZero Trust for Mobile Healthcare: Protecting ePHI on Personal DevicesZero Trust for Mobile Healthcare: Protecting ePHI on Personal DevicesThe proposed updates to the HIPAA Security Rule aim to address specific cybersecurity threats related to mobile devices and applications that access electronic protected health information (ePHI)1....These threats include:• Cloned/modified apps: Addressing the risk of fake apps that can download malware, viruses, or steal credentials to access backend systems3.... 
App attestation is suggested as a way to verify that apps accessing ePHI are genuine and unmodified5....
• Device manipulation: Providing run time protection against device manipulation, where hacker...
2025-02-19, 12 min

Upwardly Mobile - API & App Security News
HarmonyOS Next: A True Android Alternative?
Here are episode notes, SEO keywords, and hashtags, along with links to the source materials:
Episode Notes: This episode explores Huawei's HarmonyOS, including the distinctions between traditional HarmonyOS and HarmonyOS NEXT. We discuss system architecture, performance enhancements, user experience, and security features. The episode further examines HarmonyOS in comparison to GMS Android and Non-GMS Android, focusing on compatibility and security issues. We also investigate the limitations of Huawei's HarmonyOS Safety Detect and compare it with mobile app security solutions like Approov. We define GMS Android as devices with pre-installed Google Mobile Services, offering access to the Google Play Store and...
2025-02-16, 20 min

Upwardly Mobile - API & App Security News
Apple App Store Security Fail: The Fake LastPass Story
Fake LastPass App on Apple App Store: How to Protect Your Credentials
This episode discusses the recent discovery of a fake LastPass application, named "LassPass Password Manager", on the Apple App Store. The fraudulent app mimicked the branding and user interface of the real LastPass app. We'll explore how this fake app bypassed Apple's security review process, what you can do to avoid falling victim to similar scams, and the importance of app attestation.
What Happened?
A fake password management app called "LassPass Password Manager" appeared on the Apple App Store. The app was created by a...
2025-02-16, 16 min

Upwardly Mobile - API & App Security News
Mobile Money, Mobile Risk: Securing Africa's Fintech Future
Exposed: Fintech Secrets in Africa
Episode Summary: In this episode of Upwardly Mobile, we delve into the concerning state of mobile application security across the African continent, with a specific focus on financial technology (fintech) apps. Recent research reveals that a staggering 95% of popular banking and financial apps in Africa have easily exploitable security flaws. We discuss the potential impact of these vulnerabilities on consumers and financial institutions, and explore what can be done to mitigate these risks and build trust in the digital financial ecosystem. We will also explore the broader landscape of cybersecurity in Africa and...
2025-02-11, 15 min

Upwardly Mobile - API & App Security News
Is DeepSeek Safe? Navigating the Risks of the Chinese AI Model
Episode Summary: In this episode, we delve into the rapidly growing popularity of DeepSeek, a Chinese AI model, and uncover the potential security and privacy risks it poses. From data transmission vulnerabilities to troubling terms of service, we explore the reasons why caution is key when considering this innovative AI tool.
Episode Notes:
• Introduction:
◦ DeepSeek's rapid rise to prominence and its potential impact on the AI landscape1....
◦ Initial praise for its efficiency and advanced AI capabilities2.
• Data Privacy Concerns:
◦ DeepSeek's data storage in China raises concerns about state surv...
2025-02-09, 11 min

Upwardly Mobile - API & App Security News
Frida: Friend or Foe? Protecting Your Mobile Apps from Dynamic Instrumentation
Podcast Title: Upwardly Mobile
Episode Title: Frida: Friend or Foe?
Protecting Your Mobile Apps from Dynamic Instrumentation
Episode Description: In this episode of Upwardly Mobile, we delve into the world of Frida, a powerful dynamic instrumentation toolkit. While invaluable for developers and security researchers, Frida also poses significant risks to mobile applications, particularly in sectors like fintech, healthcare, and mobile gaming. Join us as we explore how Frida works, the threats it presents, and the essential strategies for protecting your apps against it. We'll discuss techniques from code obfuscation and certificate pinning to real-time RASP solutions. Learn...
2025-02-08, 11 min

Upwardly Mobile - API & App Security News
China Challenges Apple: App Store Fees and Developer Freedom
China's Antitrust Concerns: The State Administration for Market Regulation (SAMR) is examining Apple's App Store policies. This investigation may be a response to U.S. tariffs and reflects growing concerns over the dominance of major tech companies.
Impact on App Developers: This probe could significantly affect mobile app developers.
Potential benefits include:
• Reduced App Store fees: Regulatory intervention might force Apple to lower commissions.
• Increased competition: Developers may gain more freedom to distribute apps through alternative stores.
• Enhanced market access: C...
2025-02-07, 17 min

Upwardly Mobile - API & App Security News
Who's Tracking You? The Shocking Gravy Analytics Data Breach
Massive Location Data Breach at Gravy Analytics: Millions at Risk
Episode Summary: This episode discusses the recent data breach at Gravy Analytics, a major player in the location data industry. Hackers claim to have stolen a large amount of sensitive data, including customer lists, industry information, and precise location data harvested from smartphones1.
This breach has potentially exposed the private information of millions of people worldwide2. The implications of this breach are significant, raising concerns about deanonymization risks, tracking, and the potential sale of bulk location data on underground markets3.
Discussion Points:
2025-02-06, 09 min

Upwardly Mobile - API & App Security News
Mapping Africa's Cybersecurity Development
Upwardly Mobile Podcast
Episode Title: Are Your Financial Apps Safe? Cybersecurity Risks in Africa
Exposed Secrets
Host: What kinds of secrets are exposed? Researchers found a range of easily accessible items in the apps' code, including:
Encryption keys for securing sensitive data.
Authentication keys for accessing services.
Database credentials.
Payment gateway secrets.
OAuth client secrets.
Push notification keys.
Google Cloud API keys, found in 86% of the examined applications.
Facebook authentication tokens, found in approximately 15.3% of the apps.
Host: 18% of the investigated apps revealed high severity secrets, which could lead to unauthorized access, data...
2025-02-02, 24 min

Upwardly Mobile - API & App Security News
UK Watchdog Targets Apple and Google: Mobile Ecosystems Under Scrutiny for Stifling Innovation
In this episode of Upwardly Mobile, we delve into the critical issue of mobile app security and explore the argument that Apple and Google's monopolistic practices are hindering innovation and increasing long-term cyber risks for consumers1.... We examine how the dominance of these two tech giants in the mobile app ecosystem may be inadvertently creating vulnerabilities and limiting the potential for more robust security solutions. We also discuss potential alternative approaches to mobile app security.
Key Discussion Points:
• Monopolistic Behavior: We discuss how Apple and Google control the mobile app ecosystem, restricting competition and innovation....
Th...
2025-01-30, 18 min

Upwardly Mobile - API & App Security News
Digital Markets Act Under Scrutiny: Fair Competition or Tech Giant Tussle?
Episode: "Digital Markets Act Under Scrutiny: Fair Competition or Tech Giant Tussle?"
Episode Summary: In this episode of Upwardly Mobile, we delve into the complexities surrounding the EU's Digital Markets Act (DMA) and its impact on the tech industry. We explore the ongoing debate about whether the DMA is achieving its goals of fostering fair competition and innovation or if it is facing challenges from powerful tech gatekeepers. We also examine how the DMA may be affecting app security.
Key Talking Points:
• The Digital Markets Act (DMA): We discuss the DMA's ob...
2025-01-28, 15 min

Upwardly Mobile - API & App Security News
The Data Gold Mine | How Car Manufacturers are Monetizing Your Driving Habits
Episode Summary: In this episode of Upwardly Mobile, we delve into the fascinating, and sometimes concerning, world of automotive data monetisation. Your car is no longer just a mode of transport; it's a data-generating machine, and manufacturers are increasingly looking to leverage this information for profit1.... We explore how the vast amounts of data collected from connected vehicles are being used, the potential benefits for consumers, and the challenges surrounding privacy and data security. From personalised insurance rates to predictive maintenance, we uncover the various ways car data is being monetised, and what this means for you...
2025-01-27, 18 min

Upwardly Mobile - API & App Security News
Is Code Obfuscation Still Effective in the Age of AI?
Code Obfuscation in the Age of AI: Key Mobile App Security Concerns
Evolving Threat Landscape: Mobile apps face a constantly changing environment with increasingly diverse cyberattacks.
This requires organisations to be proactive in their security measures.
Compliance: There is growing emphasis on adhering to strict security regulations from financial and other regulatory bodies, including the need for malware detection and prevention of sideloading.
User Privacy: Operating systems are introducing enhanced privacy features, such as granular app permissions and real-time data access alerts, which developers must consider.
Proactive Security: Traditional security approaches are often inadequate, necessitating proactive strategies...
2025-01-25, 17 min

Upwardly Mobile - API & App Security News
India's App Store Showdown: Will Apple and Google Bend to Government Demands?
Episode Description: In this episode of Upwardly Mobile, we delve into the escalating conflict between the Indian government and tech giants Apple and Google. India, a rapidly growing smartphone market, is pushing for greater control over its digital landscape, demanding that Apple and Google include a state-backed app store, GOV.in, on their platforms1.... We explore the potential implications of this move, from cybersecurity to market dominance, and discuss whether these tech giants will concede to government pressure. Will India's push set...
2025-01-23, 10 min

Upwardly Mobile - API & App Security News
Open Mobile Hub - Revolutionizing Mobile App Development
Upwardly Mobile Podcast - Episode Title: Open Mobile Hub - Revolutionizing Mobile App Development
Episode Description: This week we delve into the evolving landscape of mobile app development, exploring how new regulations and open-source initiatives are challenging the dominance of closed ecosystems. We'll discuss the implications of Japan's new law forcing Apple and Google to open their mobile platforms, and the impact of the Linux Foundation's new Open Mobile Hub.
We will also explore how developers can secure their apps in open environments, using solutions like Approov.
Key Discussion Points:
2025-01-20, 13 min

Upwardly Mobile - API & App Security News
Little Red Book, Big Data Risk: The REDnote Security Threat
In this episode of Upwardly Mobile, we dive into the complex and concerning rise of REDnote, the Chinese social media app gaining traction in the US after the TikTok ban. Is it just a new platform for social media users or a significant threat to data security and national security? We explore the reasons why millions of Americans are migrating to this app, the potential dangers it poses, and what it means for the future of social media regulation. Join us as we unpack the paradox...
2025-01-19, 12 min

Upwardly Mobile - API & App Security News
The Coalition for App Fairness - Japan's SSCPA Law
Episode Title: The Coalition for App Fairness:
Welcome to today's discussion on the app store ecosystem and the challenges of anti-competitive policies imposed by tech giants like Apple and Google. We will explore how these companies' practices affect developers and consumers.
The Problem: A Broken Marketplace
Apple and Google charge up to 30% on most in-app purchases, which is significantly higher than transaction fees in any other industry.
This "app tax" impacts consumer spending power and significantly reduces developer revenue.
This fee creates an unfair competitive advantage for Apple's own apps that compete with third...
2025-01-15, 20 min

Upwardly Mobile - API & App Security News
Apple Under Fire: £1.5 Billion App Store Lawsuit
Upwardly Mobile: Apple Under Fire: £1.5 Billion App Store Lawsuit
Episode Summary: In this episode of Upwardly Mobile, we delve into the groundbreaking £1.5 billion class-action lawsuit that Apple is facing in the UK.
We break down the complex legal battle, the arguments from both sides, and what it could mean for consumers and the tech industry as a whole. Is Apple abusing its dominant position in the app market, or is this just another example of opportunistic litigation? We'll explore the details of this landmark case.
Key Discussion Points:
The Lawsuit: A detailed look at th...
2025-01-13, 16 min

Upwardly Mobile - API & App Security News
Flexion | Level Up Your Revenue + How to Reduce App Store Fees & Combat Cheating
Upwardly Mobile | Episode: Level Up Your Revenue: How to Reduce App Store Fees and Combat Cheating
Episode Summary: Are you a mobile game developer struggling with the high costs of app store fees and the persistent threat of cheating? In this episode of Upwardly Mobile, we dive deep into strategies to maximise your revenue and protect your games. We'll explore how to navigate the complex landscape of app store fees charged by Apple and Google and introduce innovative solutions to help you keep more of your earnings. We'll also tackle the crucial topic of game security...
2025-01-12, 11 min

Upwardly Mobile - API & App Security News
Mobile Security Threats to Connected Car Apps
This episode of Upwardly Mobile explores the security challenges in automotive mobile application development. As cars become more connected, they also become prime targets for cyberattacks. Insecure mobile apps represent a significant attack vector in the connected car ecosystem, as they provide criminals with a gateway to access vehicle systems and sensitive data12. APIs, which are essential to the automotive data ecosystem, also introduce security risks. Hackers can exploit vulnerabilities in APIs to gain unauthorised access to or control over vehicle systems.
Cases have already occurred where hackers accessed account credentials to launch remote attacks on vehicle APIs23.
2025-01-10, 18 min

Upwardly Mobile - API & App Security News
FireScam Android Malware: How Fake Telegram Premium Apps Exploit Firebase for Stealth Attacks
FireScam employs several techniques to evade detection and maintain persistence on a device.
Disguise: The malware is distributed disguised as the "Telegram Premium" application, through a phishing website that mimics the legitimate RuStore application store. This disguise is intended to trick users into installing the malware, as they may believe they are installing a legitimate application.
Dropper: A dropper named ‘ru.store.installer’ is used to install FireScam on devices running Android 8 and newer. The dropper requests several permissions, incl...
2025-01-09, 30 min

Upwardly Mobile - API & App Security News
Epic Games Store Pre-loads Millions of Telefónica Android Devices
Upwardly Mobile API and App Security Podcast Show Notes
Episode Title: Epic Games Takes on the App Store Giants: A New Era of Mobile Gaming?
Episode Summary: This week, George and Skye discuss the groundbreaking partnership between Epic Games and Telefónica and its potential to reshape the mobile gaming landscape. They'll delve into how this deal challenges the dominance of Google and Samsung in app distribution, explore the implications for developers and consumers, and analyze the future of mobile app security in a more competitive market.
Keywords: Epic Games, Telefónica, Google Play Store, Samsung Ga...
2025-01-07, 20 min

Upwardly Mobile - API & App Security News
Pegasus Spyware!
| Widespread Mobile Infections reported by iVerify
Upwardly Mobile - Episode Details
The Pegasus spyware has a wider reach and impact than previously understood, affecting not only high-profile targets but also a broader range of individuals. Here's a breakdown of its reach and impact based on the sources:
Targeted individuals: While initially known for targeting journalists, political activists, and government officials, Pegasus has also been found on the devices of business leaders and people in government or commercial enterprises. The spyware can be used to surveil individuals who may not seem like likely targets.
Infection rate: iVerify's investigation found an infection rate of 2.5 infected...
2025-01-07, 15 min

Upwardly Mobile - API & App Security News
Apple's $95 Million Siri Privacy Settlement
Apple has agreed to a $95 million settlement in a class action lawsuit alleging that its Siri assistant recorded private conversations and shared them with third parties. The lawsuit claims that Siri's microphone was activated unintentionally, recording conversations without the user's knowledge, and that this audio data was shared with third-party marketers and advertisers. Here's a breakdown of the key points:
Allegations: The lawsuit alleges that Apple violated the federal Wiretap Act and California's Invasion of Privacy Act by recording and sharing private conversations without user consent. Users reported being targeted with advertisements related to sensitive topics discussed in private when...
2025-01-04, 13 min

Upwardly Mobile - API & App Security News
Dirty Secrets | Exposed API Key Vulnerabilities in Mobile Apps
This podcast episode explores the security vulnerabilities of the top financial apps in the US and Europe. A staggering 92% of the top 650 finance apps scanned in Q1 2023 revealed valuable secrets, with 23% exposing high-value secrets such as API keys and other sensitive information.
These findings, from the Approov Mobile Threat Lab Security Report, highlight a concerning trend in mobile app security. The report analyses the attack surfaces that hackers target, including:
● Protecting Secrets at Rest: This involves securing sensitive information stored within the app's code.
● Protecting Secrets in Transit: Measures taken to prevent man-in-the-middle attacks, wher...
2025-01-04, 26 min

Upwardly Mobile - API & App Security News
HIPAA Security Rule Updates and Cybersecurity in Mobile Healthcare
The U.S. Department of Health and Human Services (HHS) is proposing updates to the Health Insurance Portability and Accountability Act of 1996 (HIPAA) to address increasing data breaches and cyberattacks in the healthcare sector, which have significant implications for mobile apps and APIs that handle electronic protected health information (ePHI). These updates aim to enhance the security of patient data by enforcing stricter cybersecurity measures.
Here's a summary of how the proposed HIPAA rules apply to mobile apps and APIs:
● Data Encryption: The new rules mandate the encryption of protected health information (PHI)13. This means that data must be...
2025-01-02, 28 min

Upwardly Mobile - API & App Security News
Exploring the OpenWallet Foundation (OWF) - Interoperable Digital Wallets
Podcast Episode Title: Exploring the OpenWallet Foundation and the EU Open Source Policy Summit
Welcome to Upwardly Mobile, where we explore the latest trends in technology and innovation. In this episode, we'll be discussing the importance of open source in shaping our digital future, with a particular focus on the OpenWallet Foundation (OWF) and the upcoming EU Open Source Policy Summit.
Part 1: The OpenWallet Foundation (OWF)
What is the OWF?
The OpenWallet Foundation, hosted at the Linux Foundation, aims to bring developers, standard development organisations, and academia together to facilitate global interoperability of verifiable credentials.
Mission: T...
2025-01-01, 12 min

Upwardly Mobile - API & App Security News
US Treasury Department: Chinese Hackers Exploit API Vulnerability
Episode Title: US Treasury Department: Chinese Hackers Exploit API Vulnerability
Introduction:
This episode examines the cyberattack on the U.S. Treasury Department, which was facilitated by a compromised API key from BeyondTrust's Remote Support SaaS platform. The breach is attributed to Chinese state-sponsored threat actors.
Key Events and Timeline:
Compromised API Key: A BeyondTrust API key was exploited by attackers to gain initial access. The method of initial access remains unclear.
Detection: BeyondTrust detected suspicious activity on December 2, 2024.
Key Revoked: The compromised API key was revoked on December 8 after the breach was confirmed.
Zero-Day Exploitation: The attackers exploited...
2024-12-31, 16 min

Upwardly Mobile - API & App Security News
The Prometheus Security Breach | 300K Instances Exposed!
Episode Notes: Prometheus Security Breach - Are Your Mobile Secrets Safe?
Headline: Hundreds of thousands of Prometheus servers and exporters found vulnerable to attacks, potentially leaking sensitive credentials and API keys.
Description: In this episode, we discuss the recent security breach impacting Prometheus, a widely used open-source monitoring and alerting tool.
We'll explore the vulnerabilities, the potential impact on organisations, and most importantly, the steps you can take to protect your systems.
Key Takeaways:
● Vulnerability: The root of the issue lies in RepoJacking, where attackers exploit abandoned or renamed GitHub repositories to int...
2024-12-30, 16 min

Upwardly Mobile - API & App Security News
Apple DeviceCheck and AppAttest Limitations
Here are some notes for an episode of the Upwardly Mobile podcast about Apple App Attest and Device Check:
What are Apple App Attest and Device Check?
● DeviceCheck is an iOS framework introduced in iOS 11.1 It allows developers to set and query two binary flags per device, helping them track information like whether a user has claimed a free offer.23
● App Attest, added to DeviceCheck in iOS 14, verifies that an app is genuine and untampered.4 It uses cryptographic keys generated on the device and verified by Apple.3
How do they work?
● DeviceCheck genera...
2024-12-28, 13 min

Upwardly Mobile - API & App Security News
Mobile API Security | Closing the Protection Gap with a Mobile SDK
Episode Notes: Closing the API Security Gap with a Mobile SDK
In this episode, we delve into the critical topic of mobile app API security and explore how a robust SDK solution like Approov can bridge the gap left by traditional security measures.
Key Discussion Points:
● The mobile security gap: Traditional application security vendors, while focusing on web application and API protection (WAAP), often neglect the specific vulnerabilities of mobile apps.12
● Limitations of backend security: Solutions like WAFs and API gateways rely on observing traffic patterns at the backend.
This approach can be i...
2024-12-23, 14 min

Upwardly Mobile - API & App Security News
Zero Trust Mobile Security with Approov
Synopsis: In this episode, we explore the critical world of mobile app security and how the concept of zero trust is reshaping the way we protect sensitive data. We delve into the vulnerabilities inherent in traditional security models and discuss why a zero trust approach is essential for safeguarding your apps and your users.
Guest: Dr. Edward Amoroso, Chief Executive Officer, TAG Infosphere
Key Discussion Points:
The Mobile Threat Landscape: Discuss the evolving threats facing mobile apps, including API abuse, infrastructure-in-the-middle attacks, unauthorized usage, fake apps, bots, and data breaches. [1-5]
Zero Trust Principles: Explain the core principles of zero...
2024-12-20, 18 min

Upwardly Mobile - API & App Security News
TikTok Ban Upheld | A Legal Showdown
Podcast Notes: TikTok Ban, Data Privacy and the Future of Social Media
Keywords: TikTok, ban, data privacy, cybersecurity, free speech, social media, USA, China, Apple, Google, Meta, Amazon, algorithms, surveillance.
Links:
● https://www.forbes.com/sites/petersuciu/2024/12/06/tiktok-ban-upheld-by-appeals-court-clock-running-out-for-bytedance/
● https://www.forbes.com/sites/zakdoffman/2024/10/04/warningtiktok-posts-caught-stealing-iphone-android-user-passwords/
Introduction
● The US Court of Appeals has upheld the ban on TikTok, citing national security concerns over data sharing with China12.
● This decision has ignited debates about free speech, data privacy, and the power of Big Tech3.
The TikTok Ban: A Timeline
● Presi...
2024-12-16, 09 min

Upwardly Mobile - API & App Security News
Over-the-Air Updates | Essential for Mobile App Security in the AI Age
Upwardly Mobile - App Security in the AI Age
Episode Overview: This episode dives into the critical importance of over-the-air (OTA)
updates for securing mobile apps and APIs in today’s dynamic threat landscape.
Key Takeaways:
AI is revolutionising cyberattacks, rendering traditional security methods like obfuscation and white-box cryptography obsolete. These static defenses cannot keep pace with AI’s pattern recognition capabilities and the rapid evolution of threats.
OTA updates provide the agility and adaptability essential for effective app security. They enable real-time threat mitigation, dynamic API protection, enhanced resilience against AI threats, and improved user experience.
Real...
2024-12-14, 18 min

Upwardly Mobile - API & App Security News
Atrium Health Data Breach Impacts 585,000
In this episode, we delve into the significant implications of the recent Atrium Health data breach, where over 585,000 individuals' information was potentially exposed through online tracking tools. This breach underscores the urgent need for robust API security in mobile applications, particularly in healthcare.
We explore the key vulnerabilities in API implementations, the risks of insufficient security measures, and how attackers exploit gaps in app ecosystems. Learn about best practices for securing mobile APIs, including implementing app attestation, runtime protection, and API threat management, to safeguard sensitive user data and maintain compliance with evolving privacy laws. This episode is proudly sponsored...
2024-12-14, 12 min

Upwardly Mobile - API & App Security News
Is Direct-to-Consumer the Future of Mobile Apps Distribution?
Podcast Episode Title: "Upwardly Mobile: The Shift to Direct-to-Consumer (DTC) Distribution"
Mobile applications and their APIs are vital for accessing data and services, but they are also major targets for security breaches.
Bad actors exploit vulnerabilities to steal data, disrupt services, and hijack devices.
The mobile app security landscape is challenging because app code is easily available and can be reverse-engineered.
A key challenge is determining if an app or its environment has been tampered with.
Client software attestation is important for verifying the authenticity of a mobile client before granting server access.
The Shift to...
2024-12-13, 20 min

ASecuritySite Podcast
An Interview with Ted Miracco
Ted Miracco is the CEO of Approov, which is a Scottish/US company headquartered in Edinburgh. Miracco has over 30 years of experience in cybersecurity, defence electronics, RF/microwave circuit design, semiconductors and electronic design automation (EDA). He co-founded and served as CEO of Cylynt, which focuses on intellectual property and compliance protection
2024-04-23, 1h 12

DOJ versus Apple - iSue the iPhone
Can the EU’s Digital Markets Act end Apple and Google’s app store dominance and deliver better security?
Today on iSue we find out if the EU’s Digital Markets Act ends Apple and Google’s app store dominance and delivers better security
through an article from industry expert, Ted Miracco, chief executive officer, Approov Mobile Security.
Ted says the European Union's Digital Markets Act (DMA) takes significant steps toward reshaping digital marketplaces affecting the so-called gatekeepers: Apple and Google. While the DMA aims to foster competition and innovation by breaking down monopolistic barriers, it indirectly shines a spotlight on mobile app security. In supporting alternative app stores and “sideloading,” the DMA encourag...
2024-04-07, 09 min

The Cyber Go-To-Market podcast for cybersecurity sales and marketing teams. Save Cybr Donut!
193: How to start growing revenue with Ted Miracco, CEO of Approov
This week on Sales Bluebird, we sat down with Ted Miracco, CEO of Approov Mobile Security. Hear what he has to say about the future of mobile security and why his company is so well-positioned to make an impact.
In this episode, you will learn the following:
1. Why Approov is so well positioned
2. Ted’s main focus as the new CEO for the next few quarters
3. The challenge Approov faces with reaching application developers and getting noticed in a very noisy market
Resources:...
2023-02-28, 39 min

The EPAM Continuum Podcast Network
Silo Busting 23: Zero Trust, APIs, and Mobile Security with David Stewart and Sam Rehman
The bad guys don’t necessarily want your apps. What interests them? Your APIs. In our latest #CybersecurityByDesign conversation David Stewart, CEO of Approov, tells Sam Rehman, our Chief Information Security Officer and SVP: “The majority of attacks that we see are not done by modified apps but they’re done by scripts which have studied the app to the extent of being able to impersonate traffic and transactions that look like they’re coming from a genuine app instance.” This allows the nefarious actors out there to bypass apps completely. Scary stuff.
Stewart and Rehman focus their talk on subtleties...
2021-05-20, 27 min