Tag Archives

Archive of posts published in the tag: security

Getting ready for the new iOS 9 ATS feature

With the goal of enforcing best practices for secure network connections, iOS 9 introduces new security requirements and behavior with its new App Transport Security (ATS) feature. If you are not planning to recompile your apps with Apple’s iOS 9 SDK (or Xcode…

Bit.ly is not in Lybia

When deploying (mobile) apps for verticals such as Healthcare or Banking, you typically have to get the app approved or blessed by the customer’s IT security team. Some tips or info: Only deploy, even for Proof of Concepts (POCs), properly signed apps Do…

NIST releases guide to mobile app security (early 2015)

NIST Special Publication 800-163 Vetting the Security of Mobile Applications Steve Quirolgico Jeffrey Voas Tom Karygiannis Christoph Michael Karen Scarfone This publication is available free of charge from: http://dx.doi.org/10.6028/NIST.SP.800-163. Also attached: NIST.SP.800-163 /ceo

On Location (and Other Sensitive) Data

Installing apps, Android in this case, is at times a bit of WTF. It shouldn’t have to, but it is. The amount of personal information that some apps gather can be extreme. This concern is especially true after Google removed the very necessary…

Android App Ops is a Step Forward

Update Dec/15/2013: Two weeks after I wrote this piece below, Google removed App Ops… See Android App Ops *WAS* a Step Forward, and stay tuned. One of Android’s top limitations, one that totally drives me nuts, is its security model, in particular the…

Security & Privacy on Mobile Apps, Part 3 – PCI Compliance

This is Part 3 of a series on Security & Privacy for Mobile Apps. Part 1 of this series introduced main concepts related to security on mobile apps. Part 2 went deeper into the security elements and guidelines related to security and privacy…

Security & Privacy on Mobile Apps, Part 1 – Introduction

This is Part 1 of a series on Security & Privacy for Mobile Apps. (Note: in this article mobile apps means both native and webapps) Are you Serious About Security on your mobile apps or webapps? Security and privacy is an area that…

Article: Understanding security on Android

“When you develop Android applications, you must deal with a number of security-related aspects, including application processes and sandboxes, code and data sharing, system protection through application signing, and permissions use.” See my article Understanding security on Android (IBM developerWorks) which introduces the…

The BlackBerry Ban Debacle and General Implications

And the world has suddenly gone paranoid and/or Big-Brother with RIM: In the UAE where “The issue … against BlackBerry’s super-secure encrypted services” (Reuters); In India where “Indian officials say they need to be able to intercept BlackBerry messages” (Information Week); In Indonesia…

Copyright © 2001-2017 -- Carlos Enrique Ortiz.