Posted on

Social Media Convergence == Bad?

I was recently in Shanghai. Great city! Enjoyed the trip, the city, and the people. When I travel, I usually use cash, not credit. There's plenty of ATMs around, and Shanghai was no exception. One of the things that really struck me while I was there was the overwhelming presence of mobile computing. I mean, when I was on the subway in Shanghai, all I could see were the tops of people's heads. Everybody was on a cell phone.

Now I've been around. I've been on the London underground, Paris and Vienna metros, New York's subway, and Washington DC's transportation system. Sure, we all use our phones, but we usually look up every once in a while, and we don't stay on them that long. But in Shanghai, it was completely different. Mobile computing is completely integrated with modern Chinese life — in Shanghai at least. And I expect Beijing is no different.

Posted on

Five Mobile App Vulns That Should Scare You

While some organizations and executives may not be fully aware of all the threats to their mobile applications, the risks are real and growing. Vulnerabilities arise from code flaws, encryption errors, unsecured data transmission or data exposure. Attackers are ready to exploit these vulnerabilities to steal data, money and trade secrets and undermine your brand.

Reflecting on some recent high-profile mobile application security breaches helps drive home the dangers of not properly securing your mobile apps. With that in mind, we present a round-up of the top five mobile breaches that have occurred over the past year.

Posted on

How to Guard Against Mobile App Deep Link Abuse

Mobile app developers often use deep links to improve the user experience and engagement by helping users navigate from the web to their app. However, our security testing has found an easily exploitable vulnerability when deep links are used incorrectly for authorization purposes. This blog will explain how this vulnerability can be exploited and how to safeguard your app by using the more secure version of deep links, App Links.

Deep Links Overview

Deep links are URLs that take users directly to specific content in an app. They can be set up by adding a data specification (URI) inside an Intent Filter. Whenever a user clicks a URL (either in a webview, in an app, or in a web browser in general) that matches the URI specified inside the intent filter, she will be taken to the activity that handles it. Below is an example that shows how to add a deep link that points to your activity in the AndroidManifest.xml file: