Looking at mobile app API examples and the shortcomings of their security posture.

This is part 2 of our views on APIs. If you haven’t read part 1 then why are you still here? Go take a look :)

Leaking all app data

APIs generally have access to loads of user data; they are the middleman to the transactions between the client interface and the back-end databases…

Assembly language for the dex format, used by Android’s Dalvik virtual machine.

When testing Android mobile apps, you will often run into a security mechanism that you need to bypass, either because the app refuses to run at all (e.g. root detection) or because it blocks something you want to investigate further (e.g. SSL pinning).

Usually a tester…
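As an added example (not code from the original post or from The Mobile Security Guys), the script below performs the kind of smali patch that a root-detection bypass usually comes down to: after `apktool d` has produced the smali, the body of the boolean check method is replaced with a stub that returns a constant, so the app no longer sees the device as rooted. The class name `Lcom/example/app/RootCheck;`, the method `isRooted()Z` and the sample smali text are constructed for this example and are not taken from any real app.

```python
import re
from typing import Tuple

# Constructed sample input: roughly what apktool emits for a hypothetical
# root-detection helper. The class and method names are assumptions.
SAMPLE_SMALI = """\
.class public Lcom/example/app/RootCheck;
.super Ljava/lang/Object;

.method public static isRooted()Z
    .locals 2
    const-string v0, "/system/xbin/su"
    new-instance v1, Ljava/io/File;
    invoke-direct {v1, v0}, Ljava/io/File;-><init>(Ljava/lang/String;)V
    invoke-virtual {v1}, Ljava/io/File;->exists()Z
    move-result v0
    return v0
.end method

.method public static helper()V
    .locals 0
    return-void
.end method
"""


def force_boolean_return(smali: str, method_name: str, value: bool) -> Tuple[str, int]:
    """Rewrite every method called `method_name` whose return type is Z (boolean)
    so that its original logic is discarded and it returns `value` instead.

    Returns the patched smali text and the number of methods rewritten (0 means
    the name was not found, which usually indicates obfuscation or an inlined check).
    """
    # The .method header may carry any modifiers and any parameter list; we only
    # require the return type to be Z. The body is matched lazily up to the first
    # ".end method" at the start of a line.
    pattern = re.compile(
        r"(?P<header>^\.method[^\n]*\b" + re.escape(method_name) + r"\([^)]*\)Z[ \t]*\n)"
        r"(?P<body>.*?)"
        r"(?P<end>^\.end method)",
        re.MULTILINE | re.DOTALL,
    )
    const = "0x1" if value else "0x0"
    # One local register holds the constant. Parameter registers (p0, p1, ...) are
    # never touched, so the stub is valid for both static and instance methods.
    # Any .param/.annotation directives in the old body are dropped along with it,
    # which is harmless for a stub that uses none of the parameters.
    new_body = f"    .locals 1\n    const/4 v0, {const}\n    return v0\n"
    patched, count = pattern.subn(
        lambda m: m.group("header") + new_body + m.group("end"), smali
    )
    return patched, count


if __name__ == "__main__":
    text, n = force_boolean_return(SAMPLE_SMALI, "isRooted", False)
    print(f"patched {n} method(s)")
    print(text)
```

In practice you would run this over the relevant `.smali` file under the `apktool d` output directory, rebuild with `apktool b`, and re-sign the APK with `apksigner` before installing it. The same trick does not carry over unchanged to every pinning implementation: a check that throws an exception instead of returning a boolean, or a check that is inlined at several call sites, needs a different patch, so always confirm from the decompiled code how the result of the method is actually consumed.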

Native library static inspection and the JNI

Introduction

Mobile security testing of Android applications involves code review to understand the app's logic and flow and to identify potential security vulnerabilities. If the app was developed in Java, decompiling it means reversing the compilation process in order to recover the Java source code…

The Mobile Security Guys

Random posts about mobile security and testing techniques from a bunch of mobile professionals.
