In the series, I will build a simple Hacker News reader for iOS using Firebase, SwiftUI and GitHub Copilot X. In this first session, I tackle the following:
Setup and configure VSCode Insiders Install and configure GitHub Copilot Nightly Setup Firebase for iOS leveraging GitHub Copilot Chat I was added to the GitHub Copilot Chat technical preview and will share my experiences with Copilot Chat and Copilot in general. Since Copilot Chat is currently only available in VSCode, I will also be learning VSCode in addition to being new to Swift UI and iOS app programming!
I built a simple iOS app using GitHub Copilot and based on Angela Yu’s excellent iOS & Swift Bootcamp on Udemy. This post is hopefully the first of many sharing my experience with GitHub Copilot and LLM technologies in general. This initial look examines how to using GitHub Copilot with Xcode and neovim, shows results from prompting (amazing autocomplete) and how to resolve a few issues along the way.
GitHub Actions are a great way to incorporate DevOps and DevSecOps into mobile development. This post documents the steps to build a React Native iOS app with GitHub Actions (without using any 3rd party actions). Many of the steps will be the same as the previous post on “How to build an iOS app with GitHub Actions [2023]” so definitely check that out for a more complete explanation of the various steps below.
Your weekly digest of Mobile Security and Privacy News in under 9 minutes! Each digest will cover the past week of briefings so you can quickly catch up on all the important topics in mobile security and privacy.
If you have any topics you’d like me to cover in the future, just drop me a comment in the YouTube video.
Here’s links to the briefings covered in this weekly digest:
In late January, Apple released a security update for what most folks would consider an ancient version of iOS (iOS 12.5.7). It’s rare to see an update for an iOS version that’s 4 major versions old so anyone organization with older iOS devices should take note.
I routinely check out Apple’s security updates page to monitor for bugs that require quick mitigation. You can see the specific security contents for iOS 12.
Sophos released some great analysis last month on fraudulent trading apps in Apple and Google app stores.
What really caught my interest was how the apps passed the app approval processes at both Apple and Google. As a mobile security researcher, I’ve long known that the review processes on both the App Store and Play Store are no substitute for bespoke mobile app security and privacy testing (full disclosure: I’m the co-founder of NowSecure).
“BetterHelp will be required to pay $7.8 million for deceiving consumers after promising to keep sensitive personal data private” reads the subtitle to the FTC press release on 2 Mar 2023. While BetterHelp roll out the tired response that the settlement “is no admission of wrongdoing”, it can still be true if you don’t admit it.
What exactly did they do? From the FTC complaint:
BetterHelp used and revealed consumers’ email addresses, IP addresses, and health questionnaire information to Facebook, Snapchat, Criteo, and Pinterest for advertising purposes, according to the FTC’s complaint
Building on my previous “How to build an iOS app archive via command line” post, let’s now automate the process using GitHub Actions! There are a number of mobile CI/CD capabilities out there such as BitRise, CodeMagic, Jenkins, CircleCI and even Xcode Cloud but there are a lot of advantages to handling CI/CD directly in GitHub including (to name a few):
Already has access to source code Native developer experience Managing your CI/CD configuration in a source controlled yaml file GitHub Marketplace is open and has a massive number of integrations and helpful actions When I first embarked on this technical how to, I have to admit it was pretty overwhelming.
Your weekly digest of Mobile Security and Privacy News in under 8 minutes (shoot, 17 mins this week, sorry)! Each digest will cover the past week of briefings so you can quickly catch up on all the important topics in mobile security and privacy.
If you have any topics you’d like me to cover in the future, just drop me a comment in the YouTube video.
Here’s links to the briefings covered in this weekly digest:
Top10VPN researchers uncovered privacy violations in the top 10 unofficial ChatGPT apps on the Apple App and Android Play Stores. I say unofficial because OpenAI does not offer official ChatGPT mobile apps (you should use ChatGPT via the web interface).
It’s not surprising that a technology that exploded into the mainstream so quickly would also create an opportunity for privacy (and probably security) abuse. Many folks are probably not aware that these apps are unofficial and certainly don’t inspect what sort of data is collected.