Collaborate Disseminate
This is a little bit crazy.
A long time ago, I created a Spotify account using Facebook credentials.
A few years ago, I stopped my premium subscription, deleted Spotify from all devices and didn’t use it again.
3 years ago, I bought a use… Continue reading Mobile App Security for Spotify [closed]
I believe the title says it all.
As an example, let’s say I use the Brave browser on a phone.
From my understanding, all legitimate apps or computer software that connect to the Internet have some form of encryption to prevent other partie… Continue reading If software use encryption to protect one from ISP providers and other parties from snooping, how does this apply to browser software, esp. on mobile?
I am trying to reason about how native apps can avoid the problems web apps have in dealing with the "Browser Cryptography Chicken and Egg" problem, which has been discussed numerous times on this site, perhaps most notably here:… Continue reading How to deal with targeted attacks from publisher when verifying the integrity of native applications and validating their source code?
I have the APK of an application and analyzed it using MobSF static analysis. It says the application talks with Firebase Database and provides a URL.
Obviously, the URL is not accessible.
I am new to this so trying to find tools from GitH… Continue reading How to Scan Firebase Database?
I’m working on a mobile application, using django rest-framework as backend, and I’d like to archive the maximum security possible.
Now when the user log-in with email and password I generate a token, Token Authentication from rest_framewo… Continue reading How to use TokenAuthentication in mobile apps?
I have seen some similar questions a few years old and I am not sure if there are any new changing views on this.
I see that this flow is not recommended for mobile native apps. What are the practical downsides security wise of using this … Continue reading Downside of resource owner password flow for native mobile apps?
I decided to implement "forgotten password" functionality, without having to create a website just for that. The usual workflow that I’ve seen for any app is:
User requests password reset
Link is sent to their email with a token… Continue reading Security of in-app Forgot Password workflow in Xamarin (Mobile App) without using a website
Due to the coronavirus, many governments have required many citizens to install contact tracing app in their phones. I would like to ask whether it is possible for a contact tracing app to access personal information (e.g. photos, videos, … Continue reading Possible concerns with contact tracing app in a pandemic? [duplicate]
When reading about mobile security, the attacker is often assumed to have root access to the device, so as to patch the application or proxy all network traffic.
I see that such applications may have generic vulnerabilities, like non-encry… Continue reading What’s the threat model of mobile security?
The bus company that I use (Arriva UK) is trying to persuade passengers to switch from buying paper tickets to tickets stored on their app. They are particularly pushing this for ‘bus passes’: tickets that allow you to take any bus in a gi… Continue reading Why would a bus ticketing app require an Internet connection when you board the bus?