logo

Unlocking Mobile App Security Secrets

2021-09-24

Authors:   Jan Seredynski


Summary

The presentation discusses the importance of application integrity in cybersecurity and the potential risks of not implementing it. It also provides some do-it-yourself tips for developers to ensure application integrity.
  • Application integrity is about verifying that the user is running on the original version of the app and that no resources have been changed.
  • Without application integrity, apps can be redistributed for free with built-in cheats or modified assets.
  • Developers can implement application integrity by checking for bundle ID, verifying the signature of the app, and checking for a debuggable state.
  • Clean code and obfuscation can also help prevent IP theft and make it harder for attackers to understand the code.
Duolingo, a language learning app, was hacked to include a course for a driving license. The hackers added a JSON file or modified assets to add the new course. This illustrates the potential risks of not implementing application integrity.

Abstract

Abstract:Mobile game cheats have become widely accessible. Whether in the form of walking through walls in games like Among Us, bypassing payments or installing paid apps for free, cheats are now common practice.In this presentation, we explore the underlying techniques used to hack and cheat popular games and discuss how the techniques apply across all industries.We highlight the top three most common areas of compromise, identify several countermeasures for each area, and include concrete tips for implementing them successfully in your iOS or Android app.The key takeaway? The same key principles we use to counter game cheats and hacks can be used to protect all types of mobile applications – from healthcare, to e-commerce, to banking and beyond!

Materials:

Post a comment

Related work

Conference:  Black Hat Asia 2023
Authors: Rohan Aggarwal
2023-05-11