Showing episodes and shows of
Skye MacIntyre
Shows
Upwardly Mobile - API & App Security News
Leveling the Playing Field - Human vs. Betting Bots
Episode Summary: In this episode of Upwardly Mobile, we dive into the high-stakes world of sports betting and prediction markets like Polymarket, where millions of dollars move in mere seconds. Human bettors are increasingly finding themselves outmatched—not by sharper sports fans, but by high-frequency trading (HFT) bots and AI agents. We explore how "cheating" in mobile betting has rapidly evolved from simple "bonus bagging" and multi-accounting to complex API impersonation, where AI scrapes odds across 50 books simultaneously. Discover why AI-driven solvers have rendered CAPTCHAs useless, and learn about the "Human Tax"—the invisible cost human bettors pay...
2026-05-01
22 min
Upwardly Mobile - API & App Security News
Android 17 | Securing the Future: AI Agents, API Risks & Advanced Protection
Welcome to another episode of Upwardly Mobile, your ultimate guide to defending mobile apps in today’s volatile digital landscape. In this episode, hosts Skye and George unpack the high-stakes security implications of Android 17. As smartphones evolve from passive tools to autonomous "agentic" devices powered by on-device AI and AppFunctions, the attack surface for mobile APIs is expanding dramatically. We explore the critical security trade-offs of these new features, including the rising threats of prompt injection, cross-app data leakage, and the massive "blast radius" if AI agents are tricked into executing unintended actions using legitimate permissions. We also br...
2026-04-28
19 min
Upwardly Mobile - API & App Security News
The Age of Agentic AI: Securing Mobile APIs Against Bots with Brains
Episode Summary: Welcome back to "Upwardly Mobile"! In this episode, we dive deep into the rapidly evolving mobile threat landscape defined by the rise of "Agentic AI." With Android 17 set to transform our smartphones into active, on-device AI orchestrators by Summer 2026, the security stakes have never been higher. We unpack the alarming findings from the 2026 Cloudflare Threat Report, which highlights the total industrialization of cyber threats and how attackers are using AI as a massive force multiplier. We also explore why legacy bot defenses—like rate limiting, CAPTCHAs, and behavioral biometrics—are completely failing against mode...
2026-03-30
22 min
Upwardly Mobile - API & App Security News
Epic Victory: Google Play's Walled Garden Opens Up & What It Means for Developers
Episode Summary: In this episode of Upwardly Mobile, we dive deep into the landmark antitrust settlement between Epic Games and Google that is set to fundamentally reshape the Android app ecosystem globally. After years of legal battles sparked by Epic's "Project Liberty" and the removal of Fortnite from the Play Store, a jury found Google guilty of maintaining an illegal monopoly. We break down the newly announced March 2026 settlement, which significantly drops Play Store commission fees and introduces a game-changing "Registered...
2026-03-13
15 min
Upwardly Mobile - API & App Security News
Unpacking the Spotify Exploits: Credential Stuffing, Fake Streams, and Mobile App Security
Episode Summary: In this episode of Upwardly Mobile, we dive deep into the digital exploitation landscape of one of the world's largest audio streaming platforms. We break down the massive credential stuffing attack that compromised 350,000 Spotify users, exposing the dangers of poor password hygiene and unsecured databases. We also explore the ongoing controversies surrounding Spotify, including lawsuits over artificial streaming, bot farms, and the platform's "Discovery Mode". Additionally, we highlight a growing trend where malicious actors are weaponizing Spotify's search features to...
2026-03-09
22 min
Upwardly Mobile - API & App Security News
Securing Mobile Healthcare | The Hidden Dangers in Mental Health Apps
Episode Summary: In this episode of Upwardly Mobile, we dive deep into a shocking new cybersecurity report revealing that millions of users' highly sensitive medical data may be at risk. We discuss the recent discovery of 1,500 vulnerabilities across 10 incredibly popular mental health apps—which have been downloaded over 14 million times. From leaked therapy transcripts and mood logs to the high black-market value of these stolen health records, we unpack the unique risks threatening the digital healthcare space today. Finally, we explore actionable solutions for healthcare providers and developers to lock down their platforms, featuring insights on Runtime Appl...
2026-02-28
23 min
Upwardly Mobile - API & App Security News
The Triangle of Trust: Mastering Mobile App Attestation & Zero Trust API Security
Welcome to another episode of Upwardly Mobile! In this episode, we take a deep dive into the evolution of runtime security for mobile API access. Traditional methods like API keys are easily stolen because they are static and stored directly inside the user's app. To combat this vulnerability, we explore the groundbreaking "Triangle of Trust" architecture developed by CriticalBlue, the company behind the Approov mobile security service. We unpack the technical details of US Patent 11,163,858 B2, titled "Client Software Attestation," which establishes a Zero Trust proof of software integrity for apps operating on the public internet. This episode breaks down...
2026-02-23
21 min
Upwardly Mobile - API & App Security News
The "Rootless" Revolution: Inside the Dopamine Jailbreak & The EBT Security Crisis
🎧 Episode Summary: In this episode of Upwardly Mobile, we dive into two critical stories reshaping the mobile security landscape. First, we unpack the architecture of Dopamine, the modern "rootless" jailbreak that has cracked iOS 15 and iOS 16 without touching the system partition. We explore how it bypasses Apple’s Signed System Volume (SSV) and what this means for app developers trying to detect compromised devices. Then, we shift gears to a systemic failure in government fintech: why the "Lock Card" feature in EBT mobile apps is failing to st...
2026-02-06
14 min
Upwardly Mobile - API & App Security News
The Punkt MC03: Can You De-Google Without the Headache?
In this episode, we explore the landscape of "privacy-first" smartphones, focusing on the newly unveiled Punkt MC03. We break down whether this Swiss-designed, German-made device can finally offer a viable alternative to the data-harvesting giants of the mobile world. We discuss the trade-offs of leaving the Google ecosystem, the unique "subscription-based" operating system model, and whether the return of the removable battery signals a shift in hardware trends. Key Topics & Timestamps: The "De-Googled" Promise: The Punkt MC03 runs AphyOS, a custom version of Android that strips out Google Mobile Services to minimize background tracking and profiling. AphyOS & The Subscription Model...
2026-01-13
10 min
Upwardly Mobile - API & App Security News
Unmasking "Wonderland" – The New Wave of Android Droppers & SMS Stealers
In this episode of Upwardly Mobile, we dive deep into the evolving landscape of Android malware. We break down the emergence of Wonderland (formerly WretchedCat), a sophisticated SMS stealer targeting users in Uzbekistan through legitimate-looking "dropper" applications. We explore how threat actors, specifically the "TrickyWonders" group, are leveraging Telegram and malicious ad campaigns to bypass security checks and hijack devices. We also discuss the broader trend of Malware-as-a-Service (MaaS), including new threats like Cellik, Frogblight, and NexusRoute that are lowering the barrier to entry for cybercriminals globally. From real-time screen streaming to bypassing Google Play protections, we analyze the tactics...
2026-01-06
11 min
Upwardly Mobile - API & App Security News
2026 Mobile API and AI Security Predictions
Episode Summary: In this episode of Upwardly Mobile, we audit the accuracy of Approov’s 2025 cybersecurity forecast. Of the seven trends predicted, four proved to be "absolutely correct." We break down these key hits: the dual-use of AI by attackers and defenders, the undeniable dominance of cross-platform development, the crackdown on open-source supply chain risks, and the heavy impact of new global breach reporting mandates. The 4 Mobile Security Trends That Defined the Year. Key Topics — The 4 Correct Predictions: •...
2025-12-29
12 min
Upwardly Mobile - API & App Security News
The 3.5 Billion WhatsApp Scraping Flaw: Is Your Mobile API Leaking?
Episode Summary: In this episode, we break down a massive vulnerability discovered by researchers at the University of Vienna and SBA Research that allowed them to scrape data from roughly 3.5 billion WhatsApp accounts globally. We explore how a lack of rate limiting on the specific GetDeviceList API endpoint turned a benign contact discovery feature into a massive "enumeration oracle," allowing a single university server to query over 100 million numbers per hour. We discuss the types of data exposed—including active status, device types, public encryption keys, an...
2025-12-22
11 min
Upwardly Mobile - API & App Security News
Apple's DMA Non-Compliance: An Open Letter
In this episode of Upwardly Mobile, we break down the seismic shift in the mobile app landscape following the European Commission’s decision to formally fine Apple €500 million for breaching the Digital Markets Act (DMA). We explore why regulators view Apple’s recent changes not as genuine adherence to the law, but as "malicious compliance"—a deliberate attempt to technically meet requirements while maintaining control and fees. We also discuss the December 2025 Open Letter sent by app developers to EU President Ursula von der Leyen, which argues that Apple’s...
2025-12-15
08 min
Upwardly Mobile - API & App Security News
Chinese Hackers & the React2Shell Crisis
This week, we dive deep into the critical, maximum-severity security flaw known as React2Shell (tracked as CVE-2025-55182). This vulnerability, which impacts React, the widely-used open-source JavaScript library, allows for unauthenticated remote code execution (RCE) through specially crafted HTTP requests on affected servers. The episode explores the immediate aftermath of the disclosure. Exploitation attempts began quickly, with Amazon Web Services (AWS) reporting that multiple China-linked threat groups, specifically Earth Lamia and Jackpot Panda, were exploiting the flaw within hours of its public availability. These actors are using both automated tools and...
2025-12-08
12 min
Upwardly Mobile - API & App Security News
How Aisuru 'Turbo Mirai' Botnet Reshaped Mobile DDoS Warfare
The Multi-Terabit Battlefield: How Aisuru 'Turbo Mirai' Botnet Reshaped Mobile DDoS Warfare. On November 18, 2025, a massive Cloudflare service interruption took down major platforms worldwide, including X, ChatGPT, Shopify, and various critical transit services. Given the intense, ongoing cyber conflict, initial speculation immediately pointed toward a successful, hyper-volumetric Distributed Denial-of-Service (DDoS) attack. Cloudflare has recently been at the forefront of blocking unprecedented assaults from notorious botnets, including Mirai and the newer, "TurboMirai-class" Aisuru botnet. The company successfully mitigated record-breaking Mirai-variant attacks measured at 5.6 Tbps (October 2024) and 7.3 Tbps (May 2025). Furthermore, the Aisuru botnet, which is responsible for hitting...
2025-11-24
10 min
Upwardly Mobile - API & App Security News
How Misconfigured Firebase Servers Exposed User Credentials and Private Data?
In this critical episode of Upwardly Mobile, we delve into the alarming cybersecurity incident involving massive data exposure stemming from misconfigured Firebase servers. Cybersecurity researchers uncovered a breach that exposed the sensitive information and plaintext passwords of over 1.8 million users. This wasn't the result of sophisticated hacking, but rather "basic negligence" and developers failing to implement standard security settings. We discuss why Firebase, Google's popular backend-as-a-service (BaaS) for mobile apps, has become a liability risk when developers neglect configuration best practices. What was exposed and the devastating scope of the...
2025-10-03
10 min
Upwardly Mobile - API & App Security News
Neon's Data Disaster: How a Viral AI App Exposed 75,000 Users and Went Dark
In this urgent episode of Upwardly Mobile, we break down the spectacular rise and immediate fall of the highly controversial mobile application, Neon. The app, which recently topped the charts and went viral on platforms like TikTok, promised users payment in exchange for recording their phone calls. These recordings were then sold to AI companies for training. However, less than 24 hours after gaining widespread attention, a significant security flaw was discovered. According to reports from TechCrunch, this flaw allowed public access to extremely sensitive...
2025-09-29
12 min
Upwardly Mobile - API & App Security News
Japan Says Apple Must Lift Browser Ban | Billions at Stake, and the Fight for Open Web on iOS
Apple's Enduring Browser Engine Ban: A Global Standoff for the Open Web. Description: In this episode of Upwardly Mobile, we delve into Apple's persistent ban on third-party browser engines on iOS, a restriction that continues to stifle competition and limit the capabilities of web applications. Despite growing global pressure and explicit legal mandates like the EU's Digital Markets Act (DMA), Apple has maintained technical and contractual barriers that make it commercially unviable for other browser vendors like Google and Mozilla to offer their own engines on iOS. We explore why this b...
2025-08-08
14 min
Upwardly Mobile - API & App Security News
Beyond the Beta: iOS 26 Features, AI, and Next-Gen App Security
This episode of Upwardly Mobile dives deep into Apple's groundbreaking iOS 26 update, exploring its transformative new features, the much-anticipated AI integrations, and crucial security considerations for developers. From the visually stunning Liquid Glass design to advanced app attestation requirements, we cover everything you need to know about Apple's latest mobile operating system. iOS 26 Key Features & User Experience: iOS 26 marks a significant generational leap for Apple's mobile operating system, moving directly from iOS 18 to align naming with other Apple platforms, and is considered the biggest OS update...
2025-08-08
14 min
Upwardly Mobile - API & App Security News
Tea App Breach Exposed 72,000 Selfies & IDs: Urgent Lessons for Mobile API Security
Mobile-First Security: The Urgent Lessons from the Tea App Breach. In this focused segment of Upwardly Mobile, we unpack the recent Tea app breach, a sobering case study that highlights the critical need for a robust mobile-first cybersecurity strategy and proper API security. The Tea app, a women's dating safety application that rapidly climbed to the top of the free iOS App Store listings and reached the No. 1 spot on Apple's US App Store, claiming over 1.6 million users, was designed to allow women to exchange information about men to enhance safety. A key feature involved new...
2025-08-04
19 min
Upwardly Mobile - API & App Security News
Securing the Cloud | Unlocking True Mobile & API Security
Unlocking True Mobile & API Security in the Cloud Age. Welcome to "Upwardly Mobile", the podcast dedicated to navigating the complex world of mobile and cloud security! In this episode, we dive deep into why mobile app security and API security are not just technical concerns, but fundamental business imperatives for organisations of all types, from agricultural giants like John Deere to popular dating apps such as Hinge. We explore how the traditional reliance on static defences like code obfuscation is no longer sufficient against today's sophisticated, AI-powered threats, and what a truly resilient, Zero Trust-based security strategy looks like.
2025-08-01
20 min
Upwardly Mobile - API & App Security News
Crypto Under Siege: $2.5 Billion Lost in H1 2025 and the Battle for Web3 Security
Crypto Under Siege: Billions Lost in H1 2025 and the Battle for Web3 Security. Episode Description: The first half of 2025 has witnessed an unprecedented surge in cyberattacks against cryptocurrency exchanges, leading to billions of dollars in stolen digital assets [1-3]. In this episode of "Upwardly Mobile," we delve into the alarming statistics from CertiK's latest report and dissect the most significant incidents, including the Coinbase data breach and the Bybit hack [1, 2, 4]. Discover the evolving tactics employed by sophisticated attackers—from insider threats and social engineering to supply chain attacks and wallet c...
2025-07-28
13 min
Upwardly Mobile - API & App Security News
Unmasking Konfety: How Remote App Attestation Defeats Evil Twin Malware
In this episode of Upwardly Mobile, we delve deep into the sophisticated world of Konfety malware and explore how remote app attestation provides a crucial defence against its cunning tactics. Konfety employs an "evil twin" method, creating malicious versions of legitimate apps that share the same package name and publisher IDs as benign "decoy twin" apps found on official app stores. This allows the malware to spoof legitimate traffic for ad fraud and other malicious activities. Konfety's "evil twins" are distributed through third-party sources, malvertising, and malicious downloads, effectively...
2025-07-24
15 min
Upwardly Mobile - API & App Security News
The Fitify Fiasco: Unpacking 300K Photos Exposed via Hardcoded App Secrets!
The Fitify Fiasco: Unpacking 138K Private Progress Photos, 206K Profile Photos & Hardcoded App Secrets. Welcome to Upwardly Mobile! In today's episode, we dive deep into the recent massive data leak involving the popular iOS fitness app, Fitify, affecting over 25 million users globally. We'll explore the critical security vulnerabilities exposed and discuss how adherence to standards like OWASP MASVS and advanced solutions like Approov can protect your mobile apps and user data. The Fitify Fiasco: The Cybernews research team recently uncovered a significant data breach with Fitify, a widely used iOS fitness app. Their investigation...
2025-07-21
09 min
Upwardly Mobile - API & App Security News
The $7M Blindspot: Mobile App Security's Hidden Costs and Fortifying APIs with Zero Trust
In this episode of Upwardly Mobile, we dive deep into the critical, yet often underestimated, world of mobile app security. Drawing on recent research, we uncover a staggering misalignment between perception and reality, highlighting why organizations are facing an average of nine mobile app security incidents per year, with an average financial toll reaching $6.99 million in 2025. While 93% of organizations believe their mobile app protections are sufficient, a substantial 62% have experienced at least one security incident in the past year. The repercussions extend beyond financial losses, including application downtime, sensitive data leaks...
2025-07-17
13 min
Upwardly Mobile - API & App Security News
Smart Home Security: Navigating IoT Risks with Advanced Mobile App Protection
In this episode, we dive deep into the pressing concerns of Internet of Things (IoT) security, especially within our increasingly connected smart homes. From smart refrigerators to water shut-off valves, these devices offer immense convenience but also present tempting targets for cybercriminals. We'll explore the array of vulnerabilities, real-world attack statistics, and the innovative solutions emerging to protect our digital and physical spaces. Key Discussion Points: The Alarming State of IoT Security: A shocking 57% of IoT devices are vulnerable to medium- or high-severity attacks, with 70% having serious security vulnerabilities overall. A staggering 98% of IoT device traffic is unencrypted...
2025-07-14
14 min
Upwardly Mobile - API & App Security News
Unlocking Zero Trust for Mobile Apps: Bridging the Security Gap
In this insightful episode of "Upwardly Mobile," we look into the critical importance of extending Zero Trust principles to consumer-facing mobile applications. Despite the widespread adoption of the "never trust, always verify" security model across enterprises, mobile apps often remain a significant blind spot, operating in uncontrolled and untrusted environments. This oversight exposes organizations to sophisticated attacks, directly impacting customer trust, regulatory compliance, and revenue. We examine why mobile is the weakest link in today's Zero Trust architecture and how modern threats like silent escalation, runtime tampering, and reverse engineering specifically target the post-installation, runtime environment of mobile apps. With...
2025-07-11
12 min
Upwardly Mobile - API & App Security News
Qantas Under Siege: Unpacking the Third-Party Data Breach & Scattered Spider's Threat
In this episode of "Upwardly Mobile," we dive deep into the recent cyberattack on Qantas, Australia’s leading airline, which confirmed on July 2, 2025, that it experienced a cyberattack on a third-party customer service platform in one of its call centers. This incident raised significant alarms, especially just before the busy July 4th travel season in the United States. Key Takeaways from the Breach: Significant Data Compromise: Qantas reported that approximately 6 million customers have service records in the affected pl...
2025-07-07
13 min
Upwardly Mobile - API & App Security News
Fortify Your Phone: Android 16's Advanced Security Features
In this episode, we'll explore two of the most impactful security features in Android 16 that you need to know about: Advanced Protection and Identity Check, along with other significant API security improvements. Key Features and Insights: Android 16's Focus on Security: Despite foundational work for future design and multitasking changes, Android 16's initial rollout emphasizes "significant security enhancements" designed to make a "meaningful difference" in data protection. Android 16 sets the stage for the platform's most dramatic reinvention in ages...
2025-07-04
15 min
Upwardly Mobile - API & App Security News
Independence Day: Cloudflare's Dual Defense for Mobile Apps & Original Content
Independence Day: Cloudflare's Dual Defense for Web Mobile Apps & Original Content. Welcome to "Upwardly Mobile"! In this episode, we dive deep into Cloudflare's groundbreaking efforts to protect both mobile applications and original online content from the escalating challenge of AI bots and data scrapers. Key Topics Covered: Protecting Mobile Applications from AI Bots: Cloudflare's AI bot blocking features are fully capable of protecting mobile APIs. Their Bot Management system analyzes incoming traffic without differentiating between desktop and mobile user agents when scoring bot activity. Leveraging machine...
2025-07-02
16 min
Upwardly Mobile - API & App Security News
Unpacking the WestJet Cyberattack | Mobile API Security & Threats to Airlines
Unpacking the WestJet Cyberattack | Mobile App Security and Aviation Threats. Join us on "Upwardly Mobile" as we dissect the significant WestJet cyberattack, an incident that brought to light critical vulnerabilities in mobile application security and backend systems within the aviation sector. Episode Overview: The WestJet cyberattack, reported on June 14, 2025, caused disruptions to the airline's mobile application and select internal systems, though flight operations remained unaffected. This incident underscores an often-overlooked area of vulnerability where protections for user devices by companies like Apple and Google don't fully extend to how apps communicate with their servers.
2025-06-30
16 min
Upwardly Mobile - API & App Security News
Apple's EU App Store Overhaul | Fees, Fines, and the Fight for DMA Compliance
Unpacking Apple's EU App Store Overhaul: Fees, Fines, and the Fight for DMA Compliance. Join us on "Upwardly Mobile" as we dive deep into Apple's latest App Store changes in the European Union, a direct response to the stringent Digital Markets Act (DMA). Faced with a hefty €500 million (about $570 million) penalty from the EU for "anti-steering" practices, Apple has introduced a complex new fee structure that's shaking up the mobile app ecosystem. What You'll Learn in This Episode: The New Tier System for Store Services Fees: Discover how Apple's new two-tier system impacts developers. Tier 1 offers ba...
2025-06-28
16 min
Upwardly Mobile - API & App Security News
Why the Open App Markets Act Matters?
Episode Notes: Join us on "Upwardly Mobile" as we delve into the critical issue of how Apple and Google's dominant control over the mobile app ecosystem is stifling innovation in mobile app security and potentially increasing long-term consumer cyber risk. While both companies, especially Apple, are currently seen as doing a "reasonable job" with cybersecurity within their closed environments, experts warn that this "monoculture protection" is not sustainable against evolving threats from nation-states, criminal groups, and AI. The Problem with App Store Monopolies: The core...
2025-06-26
15 min
Upwardly Mobile - API & App Security News
The 16 Billion Credential Crisis: Blueprint for Mass Exploitation
The 16 Billion Password Leak: Securing Your Digital Footprint. Episode Notes: In this crucial episode of "Upwardly Mobile," we delve into the recent confirmation of what researchers believe is the largest password leak in history, exposing an astounding 16 billion login credentials [1-4]. This "mother of all leaks" involves a vast number of compromised records, with researchers discovering "30 exposed datasets containing from tens of millions to over 3.5 billion records each" [3, 4]. Understanding the Massive Breach: • Scope of Compromise: The leaked data includes billions of login credentials from social media, VPNs, developer portals...
2025-06-25
14 min
Upwardly Mobile - API & App Security News
Securing Critical Mobile Medical Apps | FDA Regulations & Cybersecurity
FDA Regulation and Cybersecurity for Life-Critical Health Apps. Welcome to "Upwardly Mobile," the podcast exploring the intersection of mobile technology, health, and regulation. In this episode, we dive deep into the world of Mobile Medical Apps (MMAs), understanding how the FDA ensures their safety and effectiveness, and why cybersecurity is absolutely non-negotiable in this rapidly evolving landscape. What You'll Learn: • The Rise of mHealth: Mobile health (mHealth) apps are revolutionizing healthcare, empowering patients with personalized monitoring, tracking, and therapeutic support [1]. The regulated medical apps market is projected to reach a staggering $156 bil...
2025-06-23
12 min