Questions tagged [mobile-security]
12 questions
6
votes
0 answers
Android App Root detection method was bypassed by focusing specifically on the rootbeer library being used
My Android App uses rootbear library to detect rooted devices. But during app security penetration testing, rootbear root detection mechanism is bypasssed using the "unrootbeer Xposed module script"
Below are the steps followed during penetration…
Pradip Tilala
- 1,715
- 16
- 24
4
votes
5 answers
Block a URL in a WebView on Android
I want to block a link from loading within a Webview.
Code
public class WebMy extends Activity {
private WebView mWebview;
@Override
protected void onCreate(Bundle savedInstanceState) {
super.onCreate(savedInstanceState);
…
user3733523
- 151
- 1
- 2
- 11
2
votes
0 answers
How to secure captured or downloaded media files in react native application
I want to secure the media file from other third-party apps like file explorer's in Android and iExplore in Mac
Here currently I am saving documents inside the app container only
I want to make the ios app not visible in third party applications…
Phani Sai
- 1,215
- 19
- 33
1
vote
1 answer
Frida: Change value of method calling enum
Looking to modify the return value of a method that is calling from an enum type. I am able to call the method and properly display the enum value into console, but then it crashes the application complaining on a compatible implementation. Example…
sloan
- 11
- 2
1
vote
2 answers
Why does Apple recommend to store passwords, secrets, and keys in iOS Keychain when apps are sandboxed?
I am struggling to understand the benefit of using iOS keychain to store application passwords, secrets, and keys. It's the recommended way to "handle" this data but I am not seeing the benefit from a security perspective.
First, apple claims the…
AyBayBay
- 1,726
- 4
- 18
- 37
1
vote
0 answers
What would happen if my iOS distribution certificate is compromised?
I am an iOS newbie and would really like to focus on the security of my iOS app signing certificates.
In my understanding, for a malicious actor to be able to misuse my leaked distribute certificate would need to crack through following 3 layers to…
Ashking
- 19
- 1
1
vote
2 answers
How to tackle bots in REST APIs
I have a mobile application where users give advertise, other users view and accept it. Recently, I began to notice that bots started to give their own advertisements. I have moderators but there a so much advertisements that it is impossible to…
Olav
- 51
- 1
- 6
0
votes
0 answers
Publish the APK in Google play store with "V4" signature
I am new to mobile development and using React Native in my project.
I am trying to publish/release my APK in the play store signed with a V4 signature.
Unlike other V1, V2 and V3 signatures which are included in the APK file itself V4 has a…
0
votes
0 answers
In flutter, which is more secure using platform functions/ dependency or dart dependency?
Im building a mobile application with flutter which the security is the highest priority so what is more secure to use native code (functions/ dependency ) or user the dart code/ dependency ?
In other words if I have function OR called x() in native…
Al-amen Pgooja
- 11
- 3
0
votes
0 answers
Can we retrieve the iphone user pass code on a jailbroken device?
Simple question, Is it possible to retrieve the iphone lock screen passcode if we jailbreak the device?
AyBayBay
- 1,726
- 4
- 18
- 37
0
votes
2 answers
Risks in shortcutting OAuth/OIDC?
I'm building an OIDC/OAuth server that will provide an SDK much like sign in with Google to be an IDP for mobile apps. We are wondering the risks of deviating from the protocol to simplify the flow.
The flow would be like this:
OIDC Server is setup…
glcohen
- 193
- 1
- 1
- 11
0
votes
1 answer
Pdf report issue on mobSF
I just installed mobSF to make a static analyze report but when i click on pdf output gives me this error :
{
pdf_error: "Cannot Generate PDF",
err_details: "wkhtmltopdf reported an error: Exit with code 1 due to network error: ProtocolUnknownError…
armin7298
- 1
- 3