Security Why embedding secrets in mobile apps is not a good idea This is a somewhat complicated topic to cover, but I'll try to go into detail on why, generally, this is not a good idea and you should avoid embedding secrets
Privacy OPSEC tips for the general public It's always a good idea to properly configure your computer and smartphone, know how to securely communicate with others and how to read, write and share content while protecting your
iOS Introducing security.plist tl;dr It's like security.txt but for iOS applications. As probably you know by now, I spend a lot of my free time reverse engineering iOS applications. But when
Privacy What checkm8 means for stalkerware on iOS On Friday, September 27th 2019 many of us on the mobile security community were surprised with the news of a SecureROM vulnerability disclosed on Twitter by @axi0mX. axi0mX described it
Privacy Analyzing iOS Stalkerware Applications Stalkerware (a.k.a. Spouseware) applications are invasive applications that an individual installs on a target's device (usually their partner) to spy on them, snooping in as much data as
Reverse Engineering Investigating some subscription scam iOS apps For some reason Apple allows "subscription scam" apps on the App Store. These are apps that are free to download and then ask you to subscribe right on launch. It's
Cryptography Created an "age" mobile client A few days ago Filippo Valsorda twitted about a simple, secure and modern encryption tool that will hopefully substitute gpg. Filippo, along with Ben Cox, published a document detailing the
Android Mobile App Sec Assemble One of the reasons why I write blog posts about mobile app sec is for future me. I don't have a good memory so these posts help me refresh techniques
Mobile Who's collecting analytics data from mobile apps? I have the absolute pleasure and honour of being one of the beta testers of the GuardianApp. In an upcoming post I'll be explaining in more detail how it helps
iOS Announcing my very own course: "Reverse Engineer iOS Applications" 📱 Big news! (or at least for me 😬) I've decided to create my own take on an online course to show beginner and intermediate researchers how to reverse engineer iOS applications.