View profile

NowSecure #MobSec5 - Week of June 4th

Revue
 
Many felt underwhelmed by Apple WWDC 2018 announcements on Monday, but a refined iOS 12, along with m
 
June 8 · Issue #107 · View online
NowSecure #MobSec5
Many felt underwhelmed by Apple WWDC 2018 announcements on Monday, but a refined iOS 12, along with many other valuable updates, is still pretty interesting. Join us Tuesday, June 12th @ 1 PM CT for an iOS 12 Preview - including top ways NowSecure experts project iOS 12 will affect mobile app security testing.  
Your highlights from the mobile app security world this week include:
  • NowSecure reaches new milestone for Apple mobile app security testing
  • Microsoft buys into developer-first market, acquires Github
  • Android’s latest security bulletin is here
  • Apple announces iOS to Mac porting capabilities by next year
  • Smartphones become target of choice for spies given they hold more valuable personal data than computers
  • Android P lets users know when an app wants access to call logs or phone numbers 
  • And more!
Thanks for reading. Have a great weekend, be good, and stay safe.
Introducing Jailed Testing with NowSecure | NowSecure
www.nowsecure.comShare
“The purpose of this post is to explain how automated mobile app security testing on the most recent versions of iOS on Apple standard production devices is now possible, with Jailed Testing, via NowSecure Gadget technology on NowSecure Workstation.”
The ability to conduct dynamic mobile appsec testing on the latest iOS versions, using real devices, is a big step forward in extending the reach of mobile appsec. NowSecure is excited to break down barriers and aid organizations in providing safer mobile apps for end users.
Android P: More power for enterprises | Google
www.blog.googleShare
“Android P also introduces a number of features that address enterprise security needs: The ability for IT administrators to require different PINs and timeout rules for the personal and work profiles. Additional policies that can prevent data sharing across work and personal profiles. New APIs that work with keys and certificates to securely identify devices accessing corporate resources.”
When GitHub met Microsoft: Good for enterprise DevOps? | TechBeacon
techbeacon.comShare
“The biggest benefactor of Microsoft’s acquisition of GitHub could be enterprise DevOps. But maybe it’s also time to diversify.”
It’s too early to say what Microsoft’s acquisition of the beloved developer platform, GitHub, will mean to the open source community. However, joining the two tech giants certainly helps propel the DevOps movement forward in a very meaningful way.  Side note: It will be interesting to see how Microsoft handles GitHub repositories that undermine Microsoft products, like Xbox emulators… 
The future of the Mac comes from iOS apps | The Verge
www.theverge.comShare
“To understand what Apple’s doing, first we need to understand why we’re even having this discussion in the first place. Apple wants to make it easier for mobile developers to get something like their mobile apps on the Mac.”
Since end-user demand for mobile apps is greater than web apps, it makes sense that Apple is creating a pathway for iOS developers to share lightweight, mobile apps with Mac users. As mobile-first continues to dominate digital business strategy, organizations should ensure their mobile app development process includes protections against data leakage or unnecessary vulnerability gaps.  
Android Security Bulletin: Everything you need to know! | Android Central
www.androidcentral.comShare
“Update, June 4: Google has detailed the latest Android Security Bulletin and released June 2018 security updates for the Pixel and Nexus devices.”
Mobile-Phone Malware Is Rising. Blame Spies. | WSJ
www.wsj.comShare
“Victims are often tricked into downloading “Trojan horse” software that masquerades as a different program—a videoconferencing or security app, for example. The software is often built by contractors or freelance developers who sell it to government clients.”
New permission group in Android P makes it clear when apps want to read call log or phone number | XDA Developers
www.xda-developers.comShare
“The biggest part of the update is the finalized APIs, which means that you can build an application now targeting API 28, Android P. In Developer Preview 3, a new permission group has been added. This permission group pertains specifically to the Android call log, meaning that when an application wants to read your call log or phone numbers, a prominent, user-facing message will display telling them exactly what kind of access they are granting an app.”
Amazon will stop selling connected toy filled with security issues | CNET
www.cnet.comShare
“Amazon said it has pulled CloudPets, a smart toy that researchers said was riddled with security flaws, from its online store. Last week, Walmart and Target stopped selling the toy. Amazon began removing CloudPets on Tuesday morning.”
Did you enjoy this issue?
If you don't want these updates anymore, please unsubscribe here
If you were forwarded this newsletter and you like it, you can subscribe here
Powered by Revue