Mobile Security

Read about the latest news and trends in the Mobile AppSec arena, where we follow the direction of mobile cybercrime, where the state of mobile security is today, and where we're headed tomorrow.
Mobile Payment App Security

New To Mobile Payment Security? Here’s What You Need To Know

Dec 04, 2015 By Sarah Vonnegut | The demand for paying with mobile devices may have gotten off to a slow start, especially in the United States, but the next few years will see the mobile payment landscape explode – IDC estimates that by 2020 the global mobile payment market will be worth nearly $4 trillion. From paying bills and transferring money to friends and family, paying for coffee before we enter Starbucks, to ordering clothes, food, cabs, and other services – all done through our mobile devices – the landscape for mobile payments has dramatically increased – and security has been left in the dust.

Secure iOS App Development

40 Tips You Must Know About Secure iOS App Development

Nov 10, 2015 By Sharon Solomon | The iPhone is arguably the most desired smartphone on the planet today, thanks to its shiny metallic hardware and user-friendly iOS 9 mobile platform. Despite Google leading the numbers-game with its open-source Android mobile platform, iOS is often considered to be the safer of the two due to Apple’s stricter security policy and its willingness to sacrifice customizability for the cause. But even this platform has its fair share of vulnerabilities and potential security loopholes that need to be addressed by the developers.


The State of Mobile Application Security Press Roundup

Nov 08, 2015 By admin |

Think Apple apps are safer than Android? Think again
Amanda Schupak, CBS News
Apple has a good reputation for security. But a new report finds that its good reputation could be working against it. Software security testing company Checkmarx and mobile app experts at AppSec Labs looked at hundreds of apps for Android and iOS devices and found that each app had an average of nine vulnerabilities that could leave users open to data theft.

Which is safer – iPhone or Android?
Gabriel Avner, Geektime
A report that cybersecurity experts Checkmarx and AppSec Labs released today has found a set of critical flaws in how developers are writing code for mobile apps that could put a lot of people at risk. Over the course of the past year, these two companies carried out an audit of hundreds of mobile apps, testing them for vulnerabilities. Among those reviewed were banking apps and others containing essential personal information.


Think Apple apps are safer than Android? Think again.

Nov 08, 2015 By admin | Apple has a good reputation for security. But a new report finds that its good reputation could be working against it. Software security testing company Checkmarx and mobile app experts at AppSec Labs looked at hundreds of apps for Android and iOS devices and found that each app had an average of nine vulnerabilities that could leave users open to data theft. Checkmarx marketing vice president Asaph Schulman called the results “nothing short of alarming” and said that if app developers don’t institute better coding practices, “we should expect an increase of major hacks…in the near future.” Thirty-eight percent of the vulnerabilities the researchers identified in the code of a range of app types (including ones, such as banking apps, that handle very sensitive information) were categorized as being of high or critical severity, meaning that a hacker could break in with relative ease. When they compared iOS to Android apps, they found the Apple apps actually had a higher percentage of high vulnerabilities — 40 percent to 36 percent. The irony? This discrepancy might be a result of Apple’s focus on security. Developers willfully bypassing standard protocol were responsible for thousands of apps in Apple’s App Store that were infected with malware from counterfeit code. Revealed in September, the XcodeGhost malware is still active in the U.S. and has even taken a new, more elusive form, according to FireEye security experts. “Software developers need to realize that the security of the apps they produce and publish are entirely dependent on their development toolchain,” said Tod Beardsley, senior research manager at Rapid7, a cybersecurity firm. Checkmarx and AppSec Labs concluded that one of the key steps to ensuring safer mobile apps is educating developers about best practices for protecting their own creations. Read the full article here. 


The State of Mobile App Security

Nov 05, 2015 By Amit Ashbel | The mobile application industry is growing at an explosive pace, yet security issues of mobile applications are lagging behind. Incidents of mobile application hacking have increased exponentially as attackers and attacks have evolved, using both new and well-known methods of attack to infiltrate apps and collect as much data as possible. The impact on businesses and end-users is exponentially growing. With more than 1.5 million apps available in the two main app stores, Apple and Android, and hundreds of billions of downloads to date, the mobile landscape has quickly become the main playground for hackers and attackers.

Securing PhoneGap Apps

The Worst PhoneGap Security Issues And How To Avoid Them

Oct 23, 2015 By Sarah Vonnegut | Mobile devices have exploded in our modern world. And with the explosion have come implications. Business can be conducted anywhere now, and high-value documents and data can easily be read and shared on the go. While this may be great for productivity levels and greater flexibility, security risks only seem to increase as more cell phones and tablets hit the marketplace. The customers who use our mobile apps aren’t necessarily thinking about security as they use their phones to do any number of things – and it’s on us if our applications are hit by hackers. Each mobile operating system (OS) comes with its own security risks, and developing secure applications for different platforms, written (and secured) in the appropriate language for the platform, can get tricky.

Android Development

Top 5 Secure Android Development Tips

Sep 01, 2015 By Sharon Solomon | Over 50% of US smartphone users are now actively using Android devices and the security aspect of Google’s mobile platform is under constant scrutiny. With new vulnerabilities and hacking POCs making the news on almost a daily basis, safety concerns are rising. So what lies ahead for this customizable and user-friendly, albeit vulnerable, mobile operating system? How can secure Android development minimize the risks? Let’s find out.  

Best Practices for Mobile App Security

Mobile Application Security: 15 Best Practices for App Developers

Aug 19, 2015 By Sarah Vonnegut | In 2015, the mobile app is king. The applications we download on our mobile devices entertain us, keep us in touch with our loved ones, show us who’s single nearby, share anything we want about our lives with the world – and so much more. And thousands of new applications are added to the marketplace. Every single day. There’s a 1991 ad from Radio Shack depicting “great prices” for all the things we now use our cell phones for. ‘High-tech’ devices like a VHS camcorder, a discman, a tape recorder are proudly displayed – all technologies made pretty much obsolete with a variety of handy applications on our much more compact and relatively cheap mobiles.


What you need to know about Stagefright?

Jul 29, 2015 By Amit Ashbel | Let’s start with a temporary workaround to avoid becoming infected:

Open the Hangouts App
Click the hamburger menu and select “settings”
Select SMS
Select Hangouts as your default SMS app
Uncheck ‘Auto-retrieve MMS’

Now that we got that out of the way we can start talking about the Stagefright vulnerability itself.

What is Stagefright?
Stagefright is a new vulnerability which was found, reported and announced by Zimperium, an Israeli enterprise mobile security company. A device can be infected simply by downloading an MMS message (which happens automatically in most cases). Once the device is infected, the hacker has full control over the phone’s data.


Mobile Security In Limbo With Coding Vulnerabilities Galore

Jun 24, 2015 By Sharon Solomon | It’s no secret that the smartphone is the modern man’s best friend. Over 7 billion mobile devices are being used today all around the world and they are multiplying 5 times faster than human beings. With the astronomical amounts of private information being transferred worldwide, the need for strong mobile security has become paramount. Unfortunately, news about new vulnerabilities and high-profile breaches is raining down on us.
