iOS Introducing security.plist tl;dr It's like security.txt but for iOS applications. As probably you know by now, I spend a lot of my free time reverse engineering iOS applications. But when I find a
Privacy What checkm8 means for stalkerware on iOS On Friday, September 27th 2019 many of us on the mobile security community were surprised with the news of a SecureROM vulnerability disclosed on Twitter by @axi0mX. axi0mX described it as "a permanent
Privacy Analyzing iOS Stalkerware Applications Stalkerware (a.k.a. Spouseware) applications are invasive applications that an individual installs on a target's device (usually their partner) to spy on them, snooping in as much data as they can. They
Reverse Engineering Investigating some subscription scam iOS apps For some reason Apple allows "subscription scam" apps on the App Store. These are apps that are free to download and then ask you to subscribe right on launch. It's called the freemium
Cryptography Created an "age" mobile client A few days ago Filippo Valsorda twitted about a simple, secure and modern encryption tool that will hopefully substitute gpg. Filippo, along with Ben Cox, published a document detailing the output file and
Android Mobile App Sec Assemble One of the reasons why I write blog posts about mobile app sec is for future me. I don't have a good memory so these posts help me refresh techniques and steps I
Mobile Who's collecting analytics data from mobile apps? I have the absolute pleasure and honour of being one of the beta testers of the GuardianApp. In an upcoming post I'll be explaining in more detail how it helps protect your privacy.
iOS Announcing my very own course: "Reverse Engineer iOS Applications" 📱 Big news! (or at least for me 😬) I've decided to create my own take on an online course to show beginner and intermediate researchers how to reverse engineer iOS applications. This course is
