Upwardly Mobile - API & App Security News

Approov Limited

Dive into the high-stakes world of mobile app development and API security with Upwardly Mobile, your ultimate guide to defending apps in today's volatile digital landscape. Hosted by Skye Macintyre and George McGregor, and proudly sponsored by Approov, the leaders in mobile app attestation and API security, this podcast unpacks the evolving threats and innovative solutions shaping mobile security. Explore why the built-in protections from tech giants like Apple, Google, and Huawei often fall short, leaving sensitive data vulnerable. Learn how advanced techniques, like runtime attestation and dynamic API security, thwart attackers and secure your app ecosystem. Each episode delivers insights into major data breaches, emerging trends, and actionable strategies to fortify your apps and APIs against ever-advancing cyber threats. From development best practices to navigating compliance and regulation, Upwardly Mobile equips mobile developers, security professionals, and tech enthusiasts with the knowledge to safeguard their creations. Stay informed, stay secure, and stay ahead with expert guidance on the future of mobile cybersecurity. Subscribe now on Spotify and Apple Podcasts, and elevate your security game!

  1. 5 HOURS AGO

    The Coalition for App Fairness - Japan's SSCPA Law

    Episode Title: The Coalition for App Fairness

    Welcome to today's discussion on the app store ecosystem and the challenges of anti-competitive policies imposed by tech giants like Apple and Google. We will explore how these companies' practices affect developers and consumers.

    The Problem: A Broken Marketplace
    Apple and Google charge up to 30% on most in-app purchases, which is significantly higher than transaction fees in any other industry. This "app tax" impacts consumer spending power and significantly reduces developer revenue. This fee creates an unfair competitive advantage for Apple's own apps that compete with third-party apps, as they do not have to pay this tax. Some developers have been forced out of business due to these fees, with one developer describing it as a "nuclear bomb". Example: Treehouse's reading app, iFlow Reader.
    SEO Keywords: app tax, in-app purchases, revenue, developer, competitive disadvantage

    Lack of Consumer Freedom
    The Apple App Store and Google Play Store act as "prisons" for consumers and developers, limiting options and competition. Unlike personal computer software, mobile apps are restricted to their respective app stores. Consumers cannot freely install software from any source they choose. App developers are not allowed to inform customers about less expensive options outside the app store. Example: Fortnite upgrades cost less when purchased directly from Epic. This is akin to a store preventing a brand from offering coupons.
    SEO Keywords: consumer choice, app store restrictions, monopolistic behavior, software distribution

    Anti-Competitive Policies
    Apple and Google use their operating system control to favour their own products and limit options for consumers. They force developers to sell via their app stores and may steal ideas from competitors. The Coalition for App Fairness believes all developers are entitled to compete in a fair marketplace.

    Coalition for App Fairness Vision
    The Coalition for App Fairness advocates for the following principles for app stores:
    ● Developers should not be required to use an app store exclusively or use the app store's ancillary services.
    ● Developers should not be discriminated against or blocked from the platform.
    ● Developers should have access to the same information and interoperability interfaces as the app store owners.
    ● Developers should always have access to app stores as long as they meet fair standards.
    ● A developer's data should not be used to compete with them.
    ● Developers should have the right to communicate directly with their users.
    ● App store owners should not favour their own apps or services.
    ● Developers should not pay unfair fees or be forced to sell anything they do not wish to.
    ● Third-party app stores should be allowed on the platform.
    ● App store rules should be transparent.
    SEO Keywords: app store principles, fair marketplace, developer rights, platform competition

    The Smartphone Software Competition Promotion Act (SSCPA)
    Japan is moving towards the enforcement of the SSCPA to promote fair competition, drive innovation, and offer more choices. The law will regulate platform operators with over 40 million monthly users. The SSCPA is designed to help businesses invest in new technologies without facing regulatory uncertainty. The Japanese Fair Trade Commission will ensure the SSCPA is implemented effectively. The law's success will depend on businesses leveraging it to create new opportunities. The idea that measures in place by app stores ensure user security and privacy has been questioned.
    SEO Keywords:...

    21min
  2. 1 DAY AGO

    Apple Under Fire: £1.5 Billion App Store Lawsuit

    Upwardly Mobile: Apple Under Fire: £1.5 Billion App Store Lawsuit

    Episode Summary: In this episode of Upwardly Mobile, we delve into the groundbreaking £1.5 billion class-action lawsuit that Apple is facing in the UK. We break down the complex legal battle, the arguments from both sides, and what it could mean for consumers and the tech industry as a whole. Is Apple abusing its dominant position in the app market, or is this just another example of opportunistic litigation? We'll explore the details of this landmark case.

    Key Discussion Points:
    ● The Lawsuit: A detailed look at the class action lawsuit filed against Apple, alleging anti-competitive practices related to its App Store. The case claims that Apple forces iOS users to download apps exclusively from its App Store while charging developers significant commissions.
    ● The Allegations: The claimants argue that Apple has established a monopoly by requiring developers to use its App Store and that the commissions, up to 30% on purchases, are excessive and unfairly passed on to consumers. These commissions are claimed to be much higher than if alternative platforms existed.
    ● Who's Involved?: We cover the key players, including Rachael Kent, the "class representative" from King's College London, who is leading the case on behalf of 19.6 million UK iPhone and iPad users. The legal teams are led by Mark Hoskins KC and Tim Ward KC.
    ● Apple's Defence: Apple has dismissed the lawsuit as "meritless", arguing that its App Store commissions are comparable to other digital marketplaces. It claims that most apps are free and many developers qualify for a reduced 15% commission rate. Apple further argues that the market definition used by the claimants is too narrow.
    ● Market Dominance: The claimants argue Apple has entrenched market power in its "ecosystem" of devices and software. Apple disputes that it has a dominant position in the broader digital transaction and device market.
    ● The Legal Battle: This is the first case of its kind to reach trial in the UK. The seven-week trial at the UK's Competition Appeal Tribunal is being closely watched. The newly appointed CFO of Apple, Kevan Parekh, is expected to testify.
    ● Broader Context: This lawsuit is part of a wider trend of legal challenges against Big Tech companies. We also mention other legal actions against Apple, including a £785 million UK lawsuit related to developer fees and a €500 million fine by the European Commission for breaching competition rules relating to music streaming services. There is also a class action lawsuit by Which? against Apple for an alleged iCloud monopoly.
    ● Implications: The outcome of this case could have significant implications for app developers, consumers, and other tech companies facing similar antitrust claims.

    Relevant Links:
    ● Financial Times Article: https://www.ft.com/content/4781c5b9-c6cb-4c94-8e35-1a5676c0c660
    ● MacRumors Article: https://www.macrumors.com/2025/01/13/apple-1-5-billion-uk-lawsuit-app-store/
    ● Lawyer Monthly Article: https://www.lawyer-monthly.com/2025/01/apple-faces-1-5bn-class-action-in-uk-over-app-store-commissions/

    Sponsor Message: This episode is brought to you by Approov, the mobile app security experts. Approov protects your APIs and backend systems from unauthorized access, ensuring the integrity of your mobile services. Learn more at approov.io.

    16min
  3. 2 DAYS AGO

    Flexion | Level Up Your Revenue + How to Reduce App Store Fees & Combat Cheating

    Upwardly Mobile | Episode: Level Up Your Revenue: How to Reduce App Store Fees and Combat Cheating

    Episode Summary: Are you a mobile game developer struggling with the high costs of app store fees and the persistent threat of cheating? In this episode of Upwardly Mobile, we dive deep into strategies to maximise your revenue and protect your games. We'll explore how to navigate the complex landscape of app store fees charged by Apple and Google and introduce innovative solutions to help you keep more of your earnings. We'll also tackle the crucial topic of game security, with a focus on preventing exploits using tools like GameGuardian, which can damage your game's integrity and reputation.

    Key Topics Discussed:
    ● The Financial Burden of App Store Fees: Apple and Google charge substantial fees for in-app purchases, ranging from 15% to 30%. These costs can severely impact a developer's profitability, particularly for smaller studios. We'll discuss how to minimise these costs.
    ● Flexion: An Alternative Approach: Learn how Flexion (NASDAQ: FLEXM) offers an alternative to traditional app distribution, allowing you to bypass some of the high fees imposed by major platforms. Flexion enables developers to distribute games across various alternative app stores, such as the Samsung Galaxy Store, Huawei AppGallery, Xiaomi GetApps, and Amazon Appstore. This approach not only broadens your audience reach but also reduces reliance on high-fee models.
    ● Benefits of Using Flexion:
      ○ Reduced Upfront Costs: Enter alternative markets with little to no upfront investment.
      ○ Enhanced Revenue: Games distributed through Flexion's channels have seen an increase in revenue by approximately 10% compared to Google Play.
      ○ Simplified Integration: Flexion offers a streamlined onboarding process.
      ○ Expertise in User Acquisition: Flexion aids developers in user acquisition strategies tailored for alternative app stores.
    ● Monetisation Strategies: Explore alternative monetisation strategies beyond in-app purchases, such as subscription models, advertising and partnerships, to potentially lower the percentage of fees paid to platform holders. Structuring in-app purchases strategically can also help maximise revenue and minimise fees.
    ● GameGuardian and Cheating: The impact of cheating on a game's reputation and the user experience will be discussed. GameGuardian, a tool that allows users to modify in-game values, is a significant threat.
    ● Approov Mobile Security: Discover how Approov Mobile Security can detect and prevent cheating attempts, including those using GameGuardian. Approov provides real-time protection with RASP (Runtime Application Self Protection) and customisable measures. Integrating the Approov SDK is straightforward and provides benefits like fair play, improved reputation, and increased user retention.

    Links Mentioned in This Episode:
    ● Flexion: https://www.flexionmobile.com/
    ● Flexion and Digital Turbine Unlock Alternative App Distribution: https://www.adweek.com/adweek-wire/flexion-and-digital-turbine-unlock-alternative-app-distribution-and-superior-monetization-2/
    ● App Store Publishing Costs: A Complete Breakdown: https://www.knguru.de/en/blog/was-kostet-es-eine-app-im-appstore-zu-veroffentlichen
    ● MY.GAMES Expands Markets with Flexion: https://news.cision.com/flexion-mobile/r/my-games-is-latest-big-name-developer-to-expand-its-markets-with-flexion,c4045246 ...

    11min
  4. 5 DAYS AGO

    Mobile Security Threats to Connected Car Apps

    This episode of Upwardly Mobile explores the security challenges in automotive mobile application development. As cars become more connected, they also become prime targets for cyberattacks. Insecure mobile apps represent a significant attack vector in the connected car ecosystem, as they provide criminals with a gateway to access vehicle systems and sensitive data. APIs, which are essential to the automotive data ecosystem, also introduce security risks. Hackers can exploit vulnerabilities in APIs to gain unauthorised access to or control over vehicle systems. Cases have already occurred where hackers accessed account credentials to launch remote attacks on vehicle APIs. Connected car apps face various threats, such as unauthorised access, insecure data transmission, app vulnerabilities, malware, and physical security risks. These threats can endanger user safety, compromise data privacy, and disrupt vehicle functionality.

    Traditional approaches to cybersecurity have relied on perimeter-based static defences. This approach is insufficient for the automotive industry due to the lack of a clear perimeter in connected vehicles and the dynamic nature of cyber threats. Zero trust is a security concept that assumes no implicit trust, regardless of whether the connection is external or internal.

    Approov Mobile Security can enhance vehicle API security by allowing only authorised apps access, preventing API abuse and unauthorised data access. Approov's adaptable security policies enable a dynamic threat response, offering continuous protection for connected car systems against evolving cyber risks. Learn more about Approov Mobile Security at https://www.approov.io/. Read the BMW case study here: https://www.approov.io/customers/bmw. Please note that this podcast was created with the assistance of AI.

    19min
  5. 6 DAYS AGO

    FireScam Android Malware: How Fake Telegram Premium Apps Exploit Firebase for Stealth Attacks

    FireScam Android Malware: How Fake Telegram Premium Apps Exploit Firebase for Stealth Attacks

    FireScam employs several techniques to evade detection and maintain persistence on a device.

    Disguise: The malware is distributed disguised as the "Telegram Premium" application, through a phishing website that mimics the legitimate RuStore application store. This disguise is intended to trick users into installing the malware, as they may believe they are installing a legitimate application.

    Dropper: A dropper named 'ru.store.installer' is used to install FireScam on devices running Android 8 and newer. The dropper requests several permissions, including the ability to query and list all installed applications, access and modify external storage, delete and install applications, and update applications without user consent. These permissions allow it to install FireScam and maintain control over it.

    Restricting App Updates: FireScam declares itself as the designated owner and restricts app updates to itself, which prevents other installers from updating it, ensuring its persistence on the device. This prevents a user or another application from removing or replacing the malicious app with a legitimate version.

    Background Activity: FireScam requests permissions that allow it to run in the background without restriction. This allows it to continue to function and collect data without the user being aware of it.

    Environment Checks: The malware checks process names at runtime, checks installed applications, and fingerprints the device to detect if it is running in a sandboxed or virtualized environment. This indicates that the malware is designed to avoid detection by security analysis tools.

    Firebase Cloud Messaging (FCM): FireScam registers a service to check for FCM notifications, enabling it to receive commands from its command-and-control (C&C) server. It also defines permissions to control access to it, effectively creating a backdoor for communication between the malware and its components. This allows the malware to receive instructions and exfiltrate data without direct user interaction.

    In summary, FireScam uses a combination of disguise, a dropper, persistence mechanisms, background activity, environment checks and a communication backdoor to evade detection and maintain its presence on an infected device.

    ● Approov Website: approov.io
    ● OWASP Mobile Security Project: https://owasp.org/www-project-mobile-security-testing-guide/ This link provides information about mobile security testing, app security, and API channel integrity.
      ○ OWASP Mobile Security Testing Guide: This is a key document from the OWASP Mobile Security Project, focusing on the development phase and identifying vulnerabilities in mobile app code.
      ○ Mobile App Sec Verification Standard (MASVS): This document provides a security checklist for when an app is ready to be released and acts as a baseline for penetration testing. It also defines security verification levels for mobile apps.
    ● OWASP API Security Project: https://owasp.org/www-project-api-security/ This resource focuses on understanding and mitigating API vulnerabilities and security risks.
    ● OWASP Top 10: https://owasp.org/www-project-top-ten/ This resource is a standard awareness document for developers and web application security, highlighting critical security risks to web applications, many of which can be exploited via APIs.

    30min
  6. 7 JAN.

    Epic Games Store Pre-loads Millions of Telefónica Android Devices

    Upwardly Mobile API and App Security Podcast Show Notes

    Episode Title: Epic Games Takes on the App Store Giants: A New Era of Mobile Gaming?

    Episode Summary: This week, George and Skye discuss the groundbreaking partnership between Epic Games and Telefónica and its potential to reshape the mobile gaming landscape. They'll delve into how this deal challenges the dominance of Google and Samsung in app distribution, explore the implications for developers and consumers, and analyze the future of mobile app security in a more competitive market.

    Keywords: Epic Games, Telefónica, Google Play Store, Samsung Galaxy Store, mobile gaming, app distribution, app security, antitrust, competition, innovation, developers, consumers, Fortnite, RASP, App Attestation, OWASP MASVS, EU Digital Markets Act

    Relevant Links:
    ● Epic Games announcement: https://www.epicgames.com/site/en-US/news/the-epic-games-store-launches-on-mobile
    ● Android Central article: https://www.androidcentral.com/software/apps/epic-games-store-will-be-preloaded-onto-millions-of-android-phones-in-new-partnership
    ● Approov blog post: https://approov.io/blog/can-epic-single-handedly-break-the-google-samsung-monopoly
    ● OWASP MASVS: https://owasp.org/www-project-mobile-security-testing-guide/
    ● EU Digital Markets Act: https://eur-lex.europa.eu/dac/summaries/en/2022/305117

    Discussion Points:
    ● The Epic Games and Telefónica Partnership:
      ○ Telefónica will pre-install the Epic Games Store on all its new Android devices.
      ○ This move will give millions of users in Europe and Latin America access to the Epic Games Store.
      ○ The Epic Games Store offers a more developer-friendly revenue split (88/12) compared to Google Play Store (15-30%).
    ● Challenging the Status Quo:
      ○ The partnership directly challenges the existing dominance of Google and Samsung in the mobile app market.
      ○ It aims to circumvent the restrictions and high commissions imposed by the Google Play Store.
      ○ Epic Games has a history of challenging tech giants and advocating for a more open app ecosystem.
    ● Impact on Developers and Consumers:
      ○ Developers: The more favourable revenue split could attract more developers to the Epic Games Store.
      ○ Consumers: Increased competition could lead to lower app prices and a wider selection of games and apps.
      ○ The pre-installation of the Epic Games Store could expose consumers to alternative app marketplaces.
    ● Mobile App Security in a More Competitive Market:
      ○ The need for robust security measures like RASP, app attestation and notarization in a more fragmented app ecosystem.
      ○ The importance of open security standards like OWASP MASVS in ensuring app security across platforms.
      ○ The role of legislation like the EU Digital Markets Act in fostering a more competitive and secure mobile app market.

    Call to Action:
    ● Encourage listeners to download the Epic Games Store and explore alternative app stores.
    ● Suggest that developers research and implement robust security measures like RASP and app...

    21min
  7. 6 JAN.

    Pegasus Spyware! | Widespread Mobile Infections reported by iVerify

    Upwardly Mobile - Episode Details

    The Pegasus spyware has a wider reach and impact than previously understood, affecting not only high-profile targets but also a broader range of individuals. Here's a breakdown of its reach and impact based on the sources:

    Targeted individuals: While initially known for targeting journalists, political activists, and government officials, Pegasus has also been found on the devices of business leaders and people in government or commercial enterprises. The spyware can be used to surveil individuals who may not seem like likely targets.

    Infection rate: iVerify's investigation found an infection rate of 2.5 infected devices per 1,000 scans, which is significantly higher than previously reported. This suggests that mobile spyware, particularly Pegasus, may be more prevalent than security researchers had estimated.

    Affected devices: Pegasus infections have been found on both iOS and Android devices. The spyware has been found on various iOS versions, including 14, 15 and 16.6. Some infections date back to 2021 and 2022.

    Method of infection: Pegasus uses zero-click attacks, meaning it can compromise a device without any action from the user. Receiving an infected iMessage is enough to compromise an iPhone. It exploits operating system vulnerabilities to gain access.

    Data access: Once a device is infected, Pegasus allows attackers to access and extract messages, emails, media files, passwords, and detailed location information. It can silently monitor a device and compromise data without the owner's knowledge.

    Detection challenges: Traditional endpoint security measures often fail to detect Pegasus, suggesting that mobile users need to be included in the detection process.

    Dissemination: The NSO Group, which developed Pegasus, sells it to governments who use it to target various individuals. iVerify refers to the NSO Group as "Rainbow Ronin".

    In summary, Pegasus spyware has a wide-reaching impact, affecting not just high-profile individuals but also a broader range of people, with a higher infection rate than previously thought. It can silently monitor and extract data from both iOS and Android devices using zero-click attacks, making it difficult to detect with traditional security measures. These findings underscore the need for proactive measures, such as regular security scans, to protect against mobile spyware threats.

    15min
  8. 4 JAN.

    Apple's $95 Million Siri Privacy Settlement

    Apple has agreed to a $95 million settlement in a class action lawsuit alleging that its Siri assistant recorded private conversations and shared them with third parties. The lawsuit claims that Siri's microphone was activated unintentionally, recording conversations without the user's knowledge, and that this audio data was shared with third-party marketers and advertisers. Here's a breakdown of the key points:

    Allegations: The lawsuit alleges that Apple violated the federal Wiretap Act and California's Invasion of Privacy Act by recording and sharing private conversations without user consent. Users reported being targeted with advertisements related to sensitive topics discussed in private when Siri had been accidentally activated.

    Settlement Terms:
    ● Apple will create a $95 million non-reversionary fund to cover payments to class members, attorney fees, awards for class representatives, and administrative costs.
    ● The settlement applies to U.S.-based current or former owners of Siri-enabled devices (iPhones, iPads, Macs, etc.) whose communications were obtained or shared without consent due to unintentional Siri activations between September 17, 2014, and December 31, 2024.
    ● Class members can claim up to $20 per Siri-enabled device, for up to five devices.
    ● Apple is required to permanently delete all Siri audio recordings obtained in violation of the laws within six months of the settlement's effective date.
    ● Apple is expected to provide clear disclosures on how users can manage Siri settings to protect their data from unintentional disclosure.

    Class Action Details:
    ● The lawsuit was filed in August 2019, after an article in The Guardian alleged that Siri's microphone was surreptitiously recording conversations.
    ● The case was submitted by Fumiko Lopez, John Troy Pappas, and David Yacubian.
    ● The proposed settlement still needs to be approved by a judge. A preliminary approval hearing is scheduled for February 14, 2025. If approved, the deadline for claims submission will be 135 days later, on June 29, 2025.
    ● The settlement class includes all individual current or former owners or purchasers of a Siri Device, who reside in the United States and its territories, whose confidential or private communications were obtained by Apple and/or were shared with third parties as a result of an unintended Siri activation between September 17, 2014 and December 31, 2024.

    Apple's Response: Apple denies any wrongdoing but chose to settle to avoid further legal costs and potential bad publicity.

    How to Disable Siri: Users can disable "Hey Siri" activation, restrict Siri usage from certain apps, and delete Siri and dictation history. Steps to disable Siri include turning off 'Listen for "Hey Siri"' in device settings, and turning off microphone access for individual apps in settings.

    Monetary Aspects: The settlement amount will be used to pay for costs of notice and administering the settlement, attorneys' fees, and service awards for class representatives, and the net amount will be distributed to settlement class members. The net settlement amount will be distributed to claimants who submit valid claim forms establishing they owned or used a Siri Device and experienced an unintended Siri activation during a confidential or private communication. Claim forms will be pre-populated with member contact information and will require members to confirm their contact information and other details about their devices and experience.

    The settlement also includes non-monetary terms, including that Apple will confirm the deletion of all individual Siri audio recordings collected by Apple prior to October 2019 within six months after the effective date, and that it will publish a webpage explaining how users can opt in to the "Improve Siri" option on their devices, and the information Apple stores from users who choose...

    13min

Ratings and Reviews

5 out of 5
2 ratings

