Enterprise Security Risk: Apps Capturing Corporate Mobile Screens

Enterprise Security Risk: Apps Capturing Corporate Mobile Screens

A recent advancement in crash reporting SDKs enables developers to record in-app screens, so that they know the exact state of an app before it crashes. This opens up doors for new exploits in enterprise mobile environments, as third-parties are increasingly recording mobile screens for debugging purpose and sending them ... Read More
3 Key Mobile Enterprise Threats in 2018

3 Key Mobile Enterprise Threats in 2018

As attackers constantly innovate new exploitation and evasion techniques, enterprise security teams are having to stay ahead of a host of emerging threats. Often, these threats have been encountered in other enterprises, and shared knowledge of these threats may help prepare other security teams for similar incidents. Thus, in this ... Read More

Android Security Update – Aug 2018

On Aug 6, 2018 Google released an Android Security Bulletin containing details of security vulnerabilities affecting Android devices. Android security updates normally include two parts: general updates that affect most users and the updates affecting specific partners, such as hardware partners like NVIDIA, Broadcom and Qualcomm. Here we’ve summarized the ... Read More

8 Reasons Mobile Apps Access Location + Security Policies to Consider

A fitness app, called Polar Flow, was recently found to be exposing the name, profile picture and whereabouts of high-ranking military personnel by oversharing user location data. Unfortunately, this is not the only security incident leaking user location. Back in February, Appthority noted how students had been able to piece ... Read More

Android Security Update – July 2018

On July 2, 2018 Google released an Android Security Bulletin containing details of security vulnerabilities affecting Android devices. Android security updates normally include two parts: general updates that affect most users and the updates affecting specific partners, such as hardware partners like NVIDIA, Broadcom and Qualcomm. Here we’ve summarized the ... Read More

Android Security Update – June 2018

On June 4, 2018 Google released an Android Security Bulletin containing details of security vulnerabilities affecting Android devices. Android security updates normally include two parts: general updates that affect most users and the updates affecting specific partners, such as hardware partners like NVIDIA, Broadcom and Qualcomm. Here we’ve summarized the ... Read More

iOS Update 11.4 Security Details

iOS version 11.4 was released on May 29, 2018, and the following 31 vulnerabilities are fixed in this security update: 10 WebKit vulnerabilities – These vulnerabilities allow maliciously crafted web content to execute arbitrary code on mobile devices. These issues are fixed with improved memory handling, input validation, locking and ... Read More

ZipperDown: Remote Code Execution Attack on iOS Apps

On May 15, 2018, Pangu Lab announced the ZipperDown vulnerability, which allows a remote code execution attack on iOS apps. Although Pangu Lab did not disclose the details of the ZipperDown vulnerability, we can infer from its researcher’s public comments and Weibo’s incident response, that the vulnerability exists in the ... Read More

Android Security Update – May 2018

On May 7, 2018 Google released an Android Security Bulletin containing details of security vulnerabilities affecting Android devices. Android security updates normally include two parts: general updates that affect most users and the updates affecting specific partners, such as hardware partners like NVIDIA, Broadcom and Qualcomm. Here we’ve summarized the ... Read More

Ad-Supported Apps Pose Data Privacy & Security Risks

Mobile risks come in a variety of shapes and sizes. Some are invisible, some hide in plain sight. Among the latter are ad-supported apps. With the Facebook and Cambridge Analytica scandals in the news, the Appthority Mobile Threat Team wanted to put some numbers around how many of apps are ... Read More