The Department of Defense’s Inspector General released a management advisory on 9 Feb 2023 titled “The DoD’s Use of Mobile Applications” (version with highlights). The advisory determined that:
“DoD personnel are conducting official business on their DoD mobile devices using mobile applications in violation of Federal and DoD electronic messaging and records retention policies” “DoD personnel are downloading mobile applications to their DoD mobile devices that could pose operational and cybersecurity risks to DoD information and information systems.
The National Security Agency (NSA) maintains a list of NSA Cybersecurity Advisories & Guidance and recently released a list of Best Practices For Securing Your Home Network. These are certainly worth taking a look at and for folks worried about downloading a PDF from the NSA, I’ve listed the primary recommendations at the bottom of this blog.
While reviewing the document, though, I noticed a link to their Mobile Device Best Practices and wanted to pass that along as well.
Your weekly digest of Mobile Security and Privacy News in under 8 minutes! Each digest will cover the past week of briefings so you can quickly catch up on all the important topics in mobile security and privacy.
If you have any topics you’d like me to cover in the future, just drop me a comment in the YouTube video.
Here’s links to the briefings covered in this weekly digest:
On the more technical side, my friend Sebas creates a curated weekly summary of security (and other) topics in the Security Pills Newsletter. In Issue 27, he linked to an interesting technical write up of the great lengths TikTok has gone to obfuscate how their code works and in particular related to the sensitive personal data collected (shout our to vetias at nullpt.rs for the excellent re work and write up).
On 14 Feb 2023, Scandinavian Airlines warned users to stop using their mobile app as they were under an active cyberattack and user’s may receive incorrect data, including other customer’s personal information including:
contact details previous and upcoming flights last four digits of the credit card number The incident was resolved several hours later but additional details are not available at this time. The last updated was posted in the Newsroom section of the SAS website on February 15, 2023 12:56.
Apple released an emergency update to iOS, iPadOS, macOS and Safari on 13 Feb 2023 to patch a security flaw in WebKit, a web browser engine developed by Apple which powers many apps in the Apple ecosystem and beyond. The Security update page was updated on 20 Feb 2023 to include information on additional security flaws patched in the software update.
If you haven’t updated your Apple devices yet, you should stop reading this article and upgrade immediately!
In late January 2023, California Attorney General Rob Bonta announced a CCPA (California Consumer Privacy Act) enforcement focus on mobile apps. The enforcement focuses on “popular apps in the retail, travel, and food service industries” that don’t allow or comply with consumer opt-out requests.
A recent CCPA settlement involving Sephora cost the company $1.2m in penalties and obviously compliance with CCPA plus regular reporting to the AG’s office. We’re also seeing federal enforcement of mobile app privacy issues from the FTC, most recently with a $1.
In my previous post, I detailed “How to export an Ad Hoc iOS ipa using Xcode” however there are advantages to exporting an iOS app archive using the command line. Top of mind reasons include:
faster than using Xcode with a mouse can automate the build process (e.g. with GitHub Actions) Make sure you followed along in the previous post so all prerequisites are met or have an active iOS app that you’ve successfully built and exported at least once.
There are multiple ways to distribute an iOS app including the Apple App Store as well as an Ad Hoc build of your app that you can distribute and test on physical devices or services like NowSecure Platform for automated security and privacy testing (disclosure: I’m a co-founder at NowSecure).
In this blog, I’ll walk you through the steps to export an iOS app using the Ad Hoc distribution method using Xcode.
There are multiple ways to install Xcode on macOS and in this blog we’ll walk you through the three most common techniques:
Mac App Store Apple Developer website Install Xcode with brew 1. Mac App Store Perhaps the easiest way to install Xcode is to use the Mac App Store. First run the Mac App Store app (⌘+Space and type app store) and then search for xcode:
Next select GET and finally INSTALL (mine shows OPEN since I’ve already installed it) .