View profile

NowSecure #MobSec5 - Week of February 11

February 15 · Issue #139 · View online
NowSecure #MobSec5
Yesterday was Valentine’s Day and couples everywhere celebrated love. But singles who use mobile dating apps to find romance may rightfully be disheartened by security and privacy concerns associated with those apps. For example, Coffee Meets Bagel announced a breach on Thursday and OkCupid recently suffered a vulnerability.
NowSecure conducted a benchmark risk analysis of 50 popular mobile dating apps and found some unattractive results. Only 55% of the apps we evaluated carry low or no risk. Nine have medium or high-risk vulnerabilities such as leaking sensitive and personal data, unencrypted data transmission, and use of known vulnerable third-party libraries.
As always, we recommend developers employ automated mobile app security testing to ensure their wares are safe to use. Similarly, organizations should carefully vet the risk levels of the apps their employees use on corporate devices.
Your highlights for the week are as follows:
  • Thousands of Android apps violate data collection policies
  • Smart sneakers step up potential security risks
  • Google rejected 55% more apps in 2018
  • Apple requires devs to use 2FA
  • Beware of a fake Apex Legends mobile app
As NowSecure seeks to deliver content of value to the community, we are sunsetting MobSec5 at the end of the month. We are replacing it with an exciting new bi-weekly curated email newsletter called “All Things Mobile App DevSecOps” which will help you stay current on the latest trends and useful resources to build, test and deploy secure mobile apps faster.

Thousands of Android Apps Break Google's Privacy Rules | Tom's Guide
With smart sneakers, privacy risks take a great leap | CNET
Here's how Google fought sketchy Play Store apps in 2018 | Android Authority
Two-factor authentication: Apple takes data security seriously, adds two-factor authentication requirement for app makers | Economic Times
Apex Legends app download site tricks players with dodgy mobile version of hit game | The Independent
Did you enjoy this issue?
In order to unsubscribe, click here.
If you were forwarded this newsletter and you like it, you can subscribe here.
Powered by Revue