Showing episodes and shows of Approov Mobile Security
Shows
Upwardly Mobile - API & App Security News
The 3.5 Billion WhatsApp Scraping Flaw: Is Your Mobile API Leaking?
Episode Summary: In this episode, we break down a massive vulnerability discovered by researchers at the University of Vienna and SBA Research that allowed them to scrape data from roughly 3.5 billion WhatsApp accounts globally. We explore how a lack of rate limiting on the specific GetDeviceList API endpoint turned a benign contact discovery feature into a massive "enumeration oracle," allowing a single university server to query over 100 million numbers per hour. We discuss the types of data exposed—including active status, device types, public encryption keys, an...
2025-12-22
11 min
Upwardly Mobile - API & App Security News
Apple's DMA Non-Compliance: An Open Letter
In this episode of *Upwardly Mobile*, we break down the seismic shift in the mobile app landscape following the European Commission’s decision to formally fine Apple €500 million for breaching the Digital Markets Act (DMA). We explore why regulators view Apple’s recent changes not as genuine adherence to the law, but as "malicious compliance"—a deliberate attempt to technically meet requirements while maintaining control and fees. We also discuss the December 2025 Open Letter sent by app developers to EU President Ursula von der Leyen, which argues that Apple’s...
2025-12-15
08 min
Upwardly Mobile - API & App Security News
Chinese Hackers & the React2Shell Crisis
This week, we dive deep into the critical, maximum-severity security flaw known as React2Shell (tracked as CVE-2025-55182). This vulnerability, which impacts React, the widely-used open-source JavaScript library, allows for unauthenticated remote code execution (RCE) through specially crafted HTTP requests on affected servers. The episode explores the immediate aftermath of the disclosure. Exploitation attempts began quickly, with Amazon Web Services (AWS) reporting that multiple China-linked threat groups, specifically Earth Lamia and Jackpot Panda, were exploiting the flaw within hours of its public availability. These actors are using both automated tools and...
2025-12-08
12 min
Upwardly Mobile - API & App Security News
How Aisuru 'Turbo Mirai' Botnet Reshaped Mobile DDoS Warfare
The Multi-Terabit Battlefield: How Aisuru 'Turbo Mirai' Botnet Reshaped Mobile DDoS Warfare. On November 18, 2025, a massive Cloudflare service interruption took down major platforms worldwide, including X, ChatGPT, Shopify, and various critical transit services. Given the intense, ongoing cyber conflict, initial speculation immediately pointed toward a successful, hyper-volumetric Distributed Denial-of-Service (DDoS) attack. Cloudflare has recently been at the forefront of blocking unprecedented assaults from notorious botnets, including Mirai and the newer, "TurboMirai-class" Aisuru botnet. The company successfully mitigated record-breaking Mirai-variant attacks measured at 5.6 Tbps (October 2024) and 7.3 Tbps (May 2025). Furthermore, the Aisuru botnet, which is responsible for hitting...
2025-11-24
10 min
Upwardly Mobile - API & App Security News
Black Friday's Hidden Threat: Stopping AI-Powered Fraud and Mobile Commerce Exploits
The biggest shopping days of the year—Black Friday and Cyber Monday—have also become the prime hunting grounds for cybercriminals, with global financial losses from attacks predicted to hit $10 billion in 2024. In this episode, we dive deep into the rising statistics shaping financial cybersecurity during the holiday shopping season, focusing on how sophisticated, AI-driven scams and mobile app vulnerabilities are creating a perfect storm for retailers and consumers alike. Episode Highlights: The State of Financial Cybercrime: Cybercriminal activity spikes by 70% during Black Friday compared to r...
2025-11-21
12 min
Upwardly Mobile - API & App Security News
X Joins App Fairness Coalition to Combat Monopolies
In this pivotal episode of Upwardly Mobile, we dive into the significance of X (formerly known as Twitter) joining the Coalition for App Fairness (CAF). This move signals growing momentum in the global effort to reform the mobile app ecosystem, currently dominated by Apple and Google, whose practices are alleged to harm consumers and developers alike. We examine X's commitment to dismantling monopolistic practices and fostering a digital future where competition thrives and innovation is rewarded. Furthermore, we discuss the context of this fight, including the recent U.S. Department of Justice (DOJ) antitrust complaint filed against Apple. CAF asserts...
2025-11-17
08 min
Upwardly Mobile - API & App Security News
Standing Up to Extortion: Lessons from the Checkout.com Breach
Standing Up to Extortion: Lessons from the Checkout.com Breach and the Rise of Vishing Attacks. Description: This week on Upwardly Mobile, we dive deep into the tactics of the prolific criminal group ShinyHunters and explore how global enterprises are responding to sophisticated cyber extortion attempts in 2025. We analyze two major security incidents that highlight critical vulnerabilities in legacy systems and modern OAuth ecosystems. The Extortion Dilemma: Checkout.com Stands Firm. We detail the incident where Checkout.com was contacted by ShinyHunters, who demanded a ransom after gaining unauthorized access to a...
2025-11-15
09 min
Upwardly Mobile - API & App Security News
The Edge Advantage: Why Cloudflare and Approov Outpace Zscaler in API Security?
Remote Attestation vs. RASP: Securing Mobile APIs at the Edge (Zscaler vs. Approov/Cloudflare) On this episode of Upwardly Mobile, we dive deep into the most critical architectural debate in mobile API security today: Does security enforcement belong on the client device (RASP) or off-device at the network edge (Remote Attestation)? We break down the philosophical and technical differences between the integrated Zscaler ZSDK approach, which bundles Runtime Application Self-Protection (RASP), and the specialized, edge-native partnership between Approov and Cloudflare. Discover why security experts argue that because the attacker ultimately controls the client environment, remote attestation is superior for defense...
2025-11-07
11 min
Upwardly Mobile - API & App Security News
App Store Revolution: Google Play Opens to Third-Party Payments (The Epic Games Aftermath)
Upwardly Mobile: Episode Notes Episode Title: App Store Revolution: Google Play Opens to Third-Party Payments (The Epic Games Aftermath) Summary: In this episode of Upwardly Mobile, we break down the monumental shift in the Android ecosystem following the Supreme Court’s refusal to hear Google's final appeal. Google has finally opened its Google Play app store to third-party payment options for U.S. developers, settling a multi-year legal battle initiated by Epic Games. We discuss what this means for developers seeking to maximize revenue, the new freedom to direct users to cheaper external payment options, and the resulting challenges in ma...
2025-11-03
10 min
Upwardly Mobile - API & App Security News
The Unseen Storm: Securing APIs and Protecting Against Key Exposure
This week on Upwardly Mobile, we delve into the hidden dangers lurking within seemingly simple applications and the advanced solutions required to close the modern mobile security trust gap. We analyze a case study involving a basic weather application to illustrate how common development mistakes—like exposing sensitive API keys and neglecting input validation—create catastrophic security vulnerabilities, potentially leading to data breaches, financial loss, and system compromise. The Problem: Client-Side Secrets and Architectural Flaws. The proliferation of web applications consuming public APIs has vastly expanded the...
2025-10-27
14 min
Upwardly Mobile - API & App Security News
UK Competition and Markets Authority (CMA) designate Apple and Google with Strategic Market Status
UK CMA Declares Apple & Google Have Strategic Market Status (SMS): The Future of Mobile Competition and Security In this pivotal episode of "Upwardly Mobile," we break down the monumental decision by the UK Competition and Markets Authority (CMA) to officially designate Apple and Google with Strategic Market Status (SMS) in their respective mobile platforms. This move is set to reshape digital markets across the UK and has massive implications for app developers, businesses, and mobile security worldwide. Key Takeaways from the CMA's Decision (Published 22 October 2025): The CMA launched its investigations in January 2025 under the Digital Markets...
2025-10-22
12 min
Upwardly Mobile - API & App Security News
F5's Zero-Day Roadmap and the Unacceptable Risk to Mobile Apps & APIs
API Security Under Fire: F5's Zero-Day Roadmap and the Unacceptable Risk to Mobile Apps. The F5 BIG-IP Breach and What It Means for Developers. This week on Upwardly Mobile, we dive into the fallout from the catastrophic security breach at F5 Networks, where a sophisticated nation-state adversary compromised the integrity of the critical BIG-IP product line. We discuss why this incident poses an imminent and unacceptable risk to organizations—especially mobile app developers who rely on F5 devices for critical API security infrastructure like load balancing and firewalling. The Compromise: Source Code, Credentials, and Zero-Day Ro...
2025-10-20
12 min
Upwardly Mobile - API & App Security News
Next Generation Attestation to Secure Mobile Apps Against Threats from AI
Mobile is officially the digital default. In this episode of Upwardly Mobile, we explore the staggering statistics showing mobile devices dominating global internet usage and discuss the critical security challenges that arise from this mobile-first environment. We then delve into the cutting-edge solution offered by our sponsor, Approov, and their latest platform update, Approov 3.5, designed to secure brands against evolving threats, including AI-driven attacks and new regulatory pressures. The Mobile Tipping Point: 64% and Rising. The mobile landscape is at an inflection point. As of 2025, over 64% of all website traffic comes from mobile devices...
2025-10-11
11 min
Upwardly Mobile - API & App Security News
Big Tech's Gamble: Lawsuits Challenge Apple, Google, and Meta Over Social Casino Apps
In this episode of Upwardly Mobile, we dive into the significant legal challenges facing major technology companies—Apple, Google (Alphabet), and Meta Platforms—as they are forced to defend themselves against class action lawsuits alleging that they promoted and profited from illegal social casino gambling apps. A recent ruling by U.S. District Judge Edward Davila in San Jose, California, denied the companies' requests to dismiss the lawsuits. The plaintiffs, numbering in the dozens, contend that the companies' platforms—Apple’s App Store, Google’s Play Store, and Meta’s Facebook—promoted an “authentic Vegas-style experience of slot machine gambling” through an alleged...
2025-10-05
10 min
Upwardly Mobile - API & App Security News
How Misconfigured Firebase Servers Exposed User Credentials and Private Data?
In this critical episode of Upwardly Mobile, we delve into the alarming cybersecurity incident involving massive data exposure stemming from misconfigured Firebase servers. Cybersecurity researchers uncovered a breach that exposed the sensitive information and plaintext passwords of over 1.8 million users. This wasn't the result of sophisticated hacking, but rather "basic negligence" and developers failing to implement standard security settings. We discuss why Firebase, Google's popular backend-as-a-service (BaaS) for mobile apps, has become a liability risk when developers neglect configuration best practices. What was exposed and the devastating scope of the...
2025-10-03
10 min
Upwardly Mobile - API & App Security News
Neon's Data Disaster: How a Viral AI App Exposed 75,000 Users and Went Dark
In this urgent episode of Upwardly Mobile, we break down the spectacular rise and immediate fall of the highly controversial mobile application, Neon. The app, which recently topped the charts and went viral on platforms like TikTok, promised users payment in exchange for recording their phone calls. These recordings were then sold to AI companies for training. However, less than 24 hours after gaining widespread attention, a significant security flaw was discovered. According to reports from TechCrunch, this flaw allowed public access to extremely sensitive...
2025-09-29
12 min
Upwardly Mobile - API & App Security News
Google's Legal Gauntlet: Antitrust Battles and the Future of the App Ecosystem
This week on Upwardly Mobile, we dissect the flurry of major legal decisions facing Google in September 2025, from its desperate plea to the Supreme Court to halt the Epic Games injunction to the final ruling in the federal search monopoly case. We explore the massive shifts coming to the Android app ecosystem and Google's mandated business practice changes. Episode Notes. September 2025: A Critical Month for Google's Antitrust Defense. Google is challenging two massive antitrust rulings simultaneously, initiating what the sources describe as its "last h...
2025-09-26
12 min
Upwardly Mobile - API & App Security News
Apple's iOS Obfuscation Dilemma: App Store Rejection & Developer Security Challenges
In this vital episode of "Upwardly Mobile," we dive deep into the complexities of mobile app security within the healthcare sector, particularly concerning the HIPAA Security Rule and the challenges of iOS code obfuscation and App Store review. As telemedicine and mobile access to ePHI (Electronic Protected Health Information) become ubiquitous, understanding and implementing robust security measures is no longer optional—it's imperative. What You'll Learn in This Episode: The Evolving Threat Landscape for Healthcare Apps: Discover how the rapid adoption of mobile healthcare apps by bo...
2025-08-18
20 min
Upwardly Mobile - API & App Security News
From Vibe to Venture: Building and Securing Your Mobile Apps and APIs
The Future of App Development with Vibe Coding and Approov. Description: In this episode of Upwardly Mobile, we delve into the exciting, fast-paced world of "vibe coding" and rapid app development, where concepts can transform into functional Minimum Viable Products (MVPs) in days, not weeks. We discuss how intuitive, AI-powered platforms like Lovable are enabling developers to build full-stack web applications using plain English, focusing on the "vibe" of the application rather than getting bogged down in traditional coding complexities. However, this speed comes with significant security risks
2025-08-11
13 min
Daily Security Review
Approov Secures £5M to Fortify Mobile App and API Security Against AI-Driven Threats
In a major step for mobile and API cybersecurity, Approov, the Edinburgh-based security firm specializing in real-time mobile attestation and API protection, has raised £5 million (approximately $6.7 million) in Series A funding. The round, led by the Investment Fund for Scotland with support from Souter Investments, Lanza techVentures, and Scottish Enterprise, will fuel the expansion of Approov’s research and development hub in Scotland while driving global growth. Founded in 2012, Approov has built a reputation as a pioneer in Runtime Application Self-Protection (RASP) and patented mobile app attestation technology. Their solutions block malicious activities such as emulator abuse, roo...
2025-08-05
55 min
Upwardly Mobile - API & App Security News
Tea App Breach Exposed 72,000 Selfies & IDs: Urgent Lessons for Mobile API Security
Mobile-First Security: The Urgent Lessons from the Tea App Breach. In this focused segment of Upwardly Mobile, we unpack the recent Tea app breach, a sobering case study that highlights the critical need for a robust mobile-first cybersecurity strategy and proper API security. The Tea app, a women's dating safety application that rapidly climbed to the top of the free iOS App Store listings and reached the No. 1 spot on Apple's US App Store, claiming over 1.6 million users, was designed to allow women to exchange information about men to enhance safety. A key feature involved new...
2025-08-04
19 min
Upwardly Mobile - API & App Security News
Unmasking Konfety: How Remote App Attestation Defeats Evil Twin Malware
In this episode of Upwardly Mobile, we delve deep into the sophisticated world of Konfety malware and explore how remote app attestation provides a crucial defence against its cunning tactics. Konfety employs an "evil twin" method, creating malicious versions of legitimate apps that share the same package name and publisher IDs as benign "decoy twin" apps found on official app stores. This allows the malware to spoof legitimate traffic for ad fraud and other malicious activities. Konfety's "evil twins" are distributed through third-party sources, malvertising, and malicious downloads, effectively...
2025-07-24
15 min
Upwardly Mobile - API & App Security News
The Fitify Fiasco: Unpacking 300K Photos Exposed via Hardcoded App Secrets!
The Fitify Fiasco: Unpacking 138K Private Progress Photos, 206K Profile Photos & Hardcoded App Secrets. Welcome to Upwardly Mobile! In today's episode, we dive deep into the recent massive data leak involving the popular iOS fitness app, Fitify, affecting over 25 million users globally. We'll explore the critical security vulnerabilities exposed and discuss how adherence to standards like OWASP MASVS and advanced solutions like Approov can protect your mobile apps and user data. The Fitify Fiasco: The Cybernews research team recently uncovered a significant data breach with Fitify, a widely used iOS fitness app. Their investigation...
2025-07-21
09 min
Upwardly Mobile - API & App Security News
The $7M Blindspot: Mobile App Security's Hidden Costs and Fortifying APIs with Zero Trust
In this episode of Upwardly Mobile, we dive deep into the critical, yet often underestimated, world of mobile app security. Drawing on recent research, we uncover a staggering misalignment between perception and reality, highlighting why organizations are facing an average of nine mobile app security incidents per year, with an average financial toll reaching $6.99 million in 2025. While 93% of organizations believe their mobile app protections are sufficient, a substantial 62% have experienced at least one security incident in the past year. The repercussions extend beyond financial losses, including application downtime, sensitive data leaks...
2025-07-17
13 min
Upwardly Mobile - API & App Security News
Smart Home Security: Navigating IoT Risks with Advanced Mobile App Protection
In this episode, we dive deep into the pressing concerns of Internet of Things (IoT) security, especially within our increasingly connected smart homes. From smart refrigerators to water shut-off valves, these devices offer immense convenience but also present tempting targets for cybercriminals. We'll explore the array of vulnerabilities, real-world attack statistics, and the innovative solutions emerging to protect our digital and physical spaces. Key Discussion Points: The Alarming State of IoT Security: A shocking 57% of IoT devices are vulnerable to medium- or high-severity attacks, with 70% having serious security vulnerabilities overall. A staggering 98% of IoT device traffic is unencrypted...
2025-07-14
14 min
Upwardly Mobile - API & App Security News
Unlocking Zero Trust for Mobile Apps: Bridging the Security Gap
In this insightful episode of "Upwardly Mobile," we look into the critical importance of extending Zero Trust principles to consumer-facing mobile applications. Despite the widespread adoption of the "never trust, always verify" security model across enterprises, mobile apps often remain a significant blind spot, operating in uncontrolled and untrusted environments. This oversight exposes organizations to sophisticated attacks, directly impacting customer trust, regulatory compliance, and revenue. Why is mobile the weakest link in today's Zero Trust architecture and how modern threats like silent escalation, runtime tampering, and reverse engineering specifically target the post-installation, runtime environment of mobile apps. With...
2025-07-11
12 min
Upwardly Mobile - API & App Security News
Qantas Under Siege: Unpacking the Third-Party Data Breach & Scattered Spider's Threat
In this episode of "Upwardly Mobile," we dive deep into the recent cyberattack on Qantas, Australia’s leading airline, which confirmed on July 2, 2025, that it experienced a cyberattack on a third-party customer service platform in one of its call centers. This incident raised significant alarms, especially just before the busy July 4th travel season in the United States. Key Takeaways from the Breach: Significant Data Compromise: Qantas reported that approximately 6 million customers have service records in the affected pl...
2025-07-07
13 min
Upwardly Mobile - API & App Security News
Fortify Your Phone: Android 16's Advanced Security Features
In this episode, we'll explore two of the most impactful security features in Android 16 that you need to know about: Advanced Protection and Identity Check, along with other significant API security improvements. Key Features and Insights: Android 16's Focus on Security: Despite foundational work for future design and multitasking changes, Android 16's initial rollout emphasizes "significant security enhancements" designed to make a "meaningful difference" in data protection. Android 16 sets the stage for the platform's most dramatic reinvention in ages...
2025-07-04
15 min
Upwardly Mobile - API & App Security News
Independence Day: Cloudflare's Dual Defense for Mobile Apps & Original Content
Independence Day: Cloudflare's Dual Defense for Web Mobile Apps & Original Content. Welcome to "Upwardly Mobile"! In this episode, we dive deep into Cloudflare's groundbreaking efforts to protect both mobile applications and original online content from the escalating challenge of AI bots and data scrapers. Key Topics Covered: Protecting Mobile Applications from AI Bots: Cloudflare's AI bot blocking features are fully capable of protecting mobile APIs. Their Bot Management system analyzes incoming traffic without differentiating between desktop and mobile user agents when scoring bot activity. Leveraging machine...
2025-07-02
16 min
Upwardly Mobile - API & App Security News
Unpacking the WestJet Cyberattack | Mobile API Security & Threats to Airlines
Unpacking the WestJet Cyberattack | Mobile App Security and Aviation Threats. Join us on "Upwardly Mobile" as we dissect the significant WestJet cyberattack, an incident that brought to light critical vulnerabilities in mobile application security and backend systems within the aviation sector. Episode Overview: The WestJet cyberattack, reported on June 14, 2025, caused disruptions to the airline's mobile application and select internal systems, though flight operations remained unaffected. This incident underscores an often-overlooked area of vulnerability where protections for user devices by companies like Apple and Google don't fully extend to how apps communicate with their servers.
2025-06-30
16 min
Upwardly Mobile - API & App Security News
Apple's EU App Store Overhaul | Fees, Fines, and the Fight for DMA Compliance
Unpacking Apple's EU App Store Overhaul: Fees, Fines, and the Fight for DMA Compliance. Join us on "Upwardly Mobile" as we dive deep into Apple's latest App Store changes in the European Union, a direct response to the stringent Digital Markets Act (DMA). Faced with a hefty €500 million (about $570 million) penalty from the EU for "anti-steering" practices, Apple has introduced a complex new fee structure that's shaking up the mobile app ecosystem. What You'll Learn in This Episode: The New Tier System for Store Services Fees: Discover how Apple's new two-tier system impacts developers. Tier 1 offers ba...
2025-06-28
16 min
Upwardly Mobile - API & App Security News
Why the Open App Markets Act Matters?
Why the Open App Markets Act Matters. Episode Notes: Join us on "Upwardly Mobile" as we delve into the critical issue of how Apple and Google's dominant control over the mobile app ecosystem is stifling innovation in mobile app security and potentially increasing long-term consumer cyber risk. While both companies, especially Apple, are currently seen as doing a "reasonable job" with cybersecurity within their closed environments, experts warn that this "monoculture protection" is not sustainable against evolving threats from nation-states, criminal groups, and AI. The Problem with App Store Monopolies: The core...
2025-06-26
15 min
Upwardly Mobile - API & App Security News
The 16 Billion Credential Crisis: Blueprint for Mass Exploitation
The 16 Billion Password Leak: Securing Your Digital Footprint. Episode Notes: In this crucial episode of "Upwardly Mobile," we delve into the recent confirmation of what researchers believe is the largest password leak in history, exposing an astounding 16 billion login credentials [1-4]. This "mother of all leaks" involves a vast number of compromised records, with researchers discovering "30 exposed datasets containing from tens of millions to over 3.5 billion records each" [3, 4]. Understanding the Massive Breach: • Scope of Compromise: The leaked data includes billions of login credentials from social media, VPNs, developer portals...
2025-06-25
14 min
Upwardly Mobile - API & App Security News
Securing Critical Mobile Medical Apps | FDA Regulations & Cybersecurity
FDA Regulation and Cybersecurity for Life-Critical Health Apps. Welcome to "Upwardly Mobile," the podcast exploring the intersection of mobile technology, health, and regulation. In this episode, we dive deep into the world of Mobile Medical Apps (MMAs), understanding how the FDA ensures their safety and effectiveness, and why cybersecurity is absolutely non-negotiable in this rapidly evolving landscape. What You'll Learn: • The Rise of mHealth: Mobile health (mHealth) apps are revolutionizing healthcare, empowering patients with personalized monitoring, tracking, and therapeutic support. The regulated medical apps market is projected to reach a staggering $156 bil...
2025-06-23
12 min