Mobile API Anti-abuse Protection: AppiCrypt® Is a New SafetyNet and DeviceCheck Attestation Alternative (crosspost)

The authenticity and integrity of the device and the application must be verified to determine whether the application’s backends are communicating with a legitimate application running on an approved/genuine mobile device. An attestation is a technique and process leading to evidence or proof of authenticity.

Check this link to learn more about AppiCrypt, a powerful tool that provides proof of app and device integrity for backends:
https://medium.com/@talsec/mobile-api-anti-abuse-protection-appicrypt-is-a-new-safetynet-and-devicecheck-alternative-20cf7a07dfb0

5 Things John Learned Fighting Hackers of His App — A must-read for PM’s and CISO’s (crosspost)

John is the creator of a popular app, BetterVision, for the blind and visually impaired. There is a good reason for the over 100K installations John’s creation has achieved: BetterVision turns a phone’s camera into a powerful assistant that eases the daily routine of disabled users worldwide. With success, however, soon came difficulties. John’s app suffered a cloning attack, and his in-app purchases got stolen.

Check this link:
https://medium.com/@talsec/5-things-john-learned-fighting-hackers-of-his-app-a-must-read-for-pms-and-ciso-s-463379b49410

#1 Flutter Security Library: How to Build Secure App using freeRASP | freeRASP Implementation Guide (crosspost)
freeRASP: In-App protection SDK and app security monitoring service (crosspost)
Focus App published to Play Store

I have tried to design a non-obtrusive timer app named Focus; check it out. I don’t intend to continue its development, since there is no need for another Pomodoro app. The main (and only) specialty of Focus is a text field used to specify the current goal.

Hello Kotlin Backend

I have joined a new project which is already bootstrapped with Spring Boot and Kotlin. I haven’t needed such a tech stack before; the usual requirements were easily solvable by deploying the Strapi CMS and a database.

Android App Distribution in 2020

Play Store? Huawei AppGallery? Custom updater?

This article aims to answer common questions about the possibilities of Android app distribution. I compare various ways of installation which can be interesting for non-public apps. I also examine the relevant app stores to summarize their possibilities and limitations. Monetization, advertisement, and related business aspects are covered only briefly. Beware - the market situation is described from the US/EU viewpoint. The regional situation in Russia, China, or India is beyond my knowledge.

Scoreboard SPA built on the cheap in 2 hours

This is not a tutorial, but a quick write-up about the simplicity of the tools that can be used to publish a simple single-page application nowadays. I have used this approach a few times when someone asked me to build an editable table of items (e.g. upcoming events) without special requirements. I wouldn’t recommend this approach for anything more serious.

Sunday Reflection
Android: Release shamelessly, outrun a hacker

Keep an eye on attack vectors with MobSF

Your shiny new Android app is almost done and you are heading for release. Your most valuable assets are baked inside your app, yet there is one last crucial measure your app should undergo to ensure its security.
