Questions tagged [mobile-app]
The mobile-app tag has no usage guidance.
34 questions
0 votes, 0 answers, 20 views
Is there any software needed to install from Parrot OS for TP-Link UB500 Nano USB bluetooth 5.0? [closed]
I am performing an experiment on trying to capture Bluetooth traffic from the fitness device to the Mobile App installed on the Phone.
I am using commands like gatttool, hciconfig, hcitool lescan to scan ...
0 votes, 0 answers, 72 views
Secure Passwordless MFA authentication on mobile app
I want to secure my mobile app with a passwordless MFA mechanism.
The registration/login flow would be:
You register your account online with a username and a mobile phone (an OTP will be sent to ...
0 votes, 1 answer, 111 views
How to securely use service account credentials in an Android App
I have an Android application distributed to my users through an .apk file. That app collects some data, and my goal is to upload that data to a cloud service, like BigQuery. To achieve this, I am ...
1 vote, 1 answer, 348 views
Bypassing root detection qualify as a vulnerability?
I am working on security testing of an android application. There is a root detection in the Android application. objection, frida etc. It is possible to bypass this with ways.
My main question is: ...
1 vote, 0 answers, 111 views
Is Android SOS being used as privilege escalation or settings bypass?
I have been getting random SOS countdowns triggered on my phone. Every time this happens, a pop-up appears telling me that unknown numbers have been temporarily unblocked. The most recent instance was ...
2 votes, 0 answers, 173 views
Storing encrypted data in iOS keychain
In my Unity app in C# I am using a 3rd party script which allows me to store and retrieve data using iOS keychain. The stored data is a private user generated key which is used to encrypt data before ...
1 vote, 0 answers, 142 views
MobSF Android Activity APK Pentest
It is my first time with MobSF and Android APK assessment. I have found something while testing a specific APK and I am trying to understand the concept behind it:
Under HARDCODED_SECRETS in MobSF, ...
0 votes, 1 answer, 261 views
Are there IoT devices that send data home despite blocked internet connection (with the detour via bluetooth on the phone)?
I am increasingly buying IoT aka smart devices for my household.
All these devices need to be connected to WLAN and proprietary app (via bluetooth on iPhone). I do this initial step, but then block ...
2 votes, 1 answer, 75 views
Mobile App Security for Spotify [closed]
This is a little bit crazy.
A long time ago, I created a Spotify account using Facebook credentials.
A few years ago, I stopped my premium subscription, deleted Spotify from all devices and didn't ...
0 votes, 1 answer, 145 views
If software uses encryption to protect one from ISP providers and other parties from snooping, how does this apply to browser software, esp. on mobile?
I believe the title says it all.
As an example, let's say I use the Brave browser on a phone.
From my understanding, all legitimate apps or computer software that connect to the Internet have some ...
1 vote, 1 answer, 120 views
How to deal with targeted attacks from publisher when verifying the integrity of native applications and validating their source code?
I am trying to reason about how native apps can avoid the problems web apps have in dealing with the "Browser Cryptography Chicken and Egg" problem, which has been discussed numerous times ...
0 votes, 0 answers, 123 views
How to use TokenAuthentication in mobile apps?
I'm working on a mobile application, using django rest-framework as backend, and I'd like to achieve the maximum security possible.
Now when the user logs in with email and password I generate a token, ...
0 votes, 1 answer, 240 views
Downside of resource owner password flow for native mobile apps?
I have seen some similar questions a few years old and I am not sure if there are any new changing views on this.
I see that this flow is not recommended for mobile native apps. What are the practical ...
3 votes, 0 answers, 354 views
Security of in-app Forgot Password workflow in Xamarin (Mobile App) without using a website
I decided to implement "forgotten password" functionality, without having to create a website just for that. The usual workflow that I've seen for any app is:
User requests password reset
...
0 votes, 1 answer, 208 views
What's the threat model of mobile security? [closed]
When reading about mobile security, the attacker is often assumed to have root access to the device, so as to patch the application or proxy all network traffic.
I see that such applications may have ...