
Questions tagged [mobile]

Security in mobile devices. Issues concerning regular cellphones, smartphones, tablet computers and other portable information devices all fit into this category. If your question is specific to one of the following, use it instead: [phone], [smartphone], [iphone], [ios], [windows-phone], [android].

0 votes
1 answer
106 views

Can we catch signals from a cellphone using AI to interpret the encrypted data?

Would it be possible for someone to steal EM waves from our mobile devices to listen to our conversations or get our OTP? Whatever encryptions they have they are just EM waves. Based on the patterns ...
Newtron Malayalam
1 vote
0 answers
30 views

Possibility of eavesdropping on app-server comms after redirect to deep link

I'm being asked to investigate a possible attack vector that I don't understand and I don't want to take action that is useless or even negatively affects users if it isn't going to address something ...
iftheshoefritz
1 vote
0 answers
39 views

Authenticating via device

I want to authenticate users based on their devices. Basically, when a user deletes my app, I want to make sure that their local storage is independent of who they are, so that they do not evade a ban ...
a_duck
  • 33
0 votes
0 answers
46 views

Does the Samsung keyboard for Android phones send user input anywhere?

I've heard of this rumor (here, for example) but no clear investigation/confirmation.
2080
  • 101
1 vote
0 answers
53 views

Photos are recoverable but videos are not on my vivo x27 phone [closed]

In order to test data recovery apps, I have conducted experiments where I took photos and videos, deleted them permanently, then attempted to recover them immediately. The photos can be recovered ...
pxc3110
  • 11
0 votes
0 answers
220 views

Opening a mobile banking app in an unknown Wifi [duplicate]

At Travel.SE, we have an HNQ: How to make my credit card "less" secure for travel? about how to reduce the number of false credit card declines when traveling abroad. The current top answer ...
Stephan Kolassa
1 vote
0 answers
206 views

Is it normal for ns.sipgeo.t-mobile.com to bypass DNS and VPN settings on iOS, iPadOS, and macOS? [closed]

I’ve been using NextDNS to monitor DNS lookups on my devices in an effort to figure out how they’re being remotely controlled and I notice that ns.sipgeo.t-mobile.com is simply able to bypass both DNS ...
Patrick Dark
1 vote
1 answer
501 views

Is it secure to use session ID as authentication token received from an HTTP header?

I am writing a mobile application for an already existing web app. In the backend, I implemented the usual cookie-based session ID authentication, with a CSRF token generated on login and sent with ...
TommyGun
2 votes
2 answers
490 views

Does Signal store mobile phone numbers server-side in plain text?

Does Signal (the company) keep or ever have mobile phone numbers in plaintext (on any form of server-side storage)? I searched the web and couldn't find an official statement/documentation/answer/code/...
Adam Monsen
1 vote
0 answers
123 views

Are banks significantly reducing security by migrating everyone to mobile banking?

I have noticed a disturbing trend across banks (in the EU). Previously, many banks used 2FA by combining a login/password for an online banking website with a mobile authenticator app. However, many ...
TooTea
  • 851
1 vote
1 answer
1k views

Is there a problem with the use of HTTP cookies as auth tokens in mobile apps?

Imagine you have a website, for which you have configured a proper and secure session management / login system, using first-party / session cookies. Any interaction with that website is set up in the ...
DevelJoe
  • 141
0 votes
0 answers
208 views

Bypassing AES encryption if the keys are not in local, but in server

When I conduct a mobile pentest, I have run into payload encryption in HTTP traffic. In general, the AES key and IV (initialization vector) are located in APK, and can be used to encrypt the payload ...
Not a Salmon Fish
1 vote
0 answers
179 views

How to pentest apps running on HarmonyOS

I could not find any checklist for pentesting apps on HarmonyOS. I know HarmonyOS is based on Android, and all Android applications work on HarmonyOS if I use hms instead of gms. So would an Android ...
Firat
  • 13
1 vote
0 answers
104 views

Caller hijacking in Croatia [closed]

I got this issue today and I'm completely confused. Here is the story: I'm from Germany and on vacation in Croatia (all inside the EU with EU Roaming) with my German cellphone and German sim card. I ...
m4rc0
  • 11
1 vote
1 answer
294 views

Can mobile hardware have backdoor access to camera, microphone that bypasses operating system?

I found out about AOSP variants such as Calyx, Graphene, etc. They promise increased security. I want to know if hardware backdoors can allow access to the camera, microphone, etc. and subsequently ...
Vishal
  • 13
