home.social

#appsecurity — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #appsecurity, aggregated by home.social.

  1. Thank you to 7AI for making our May meetup possible!

    This month's meetup we have Anshumaan Mishra who will talk about securing FastAPI Email WebApp while Will Lefevers will show us How the internet enables organized cyber-crime

    RSVP at - buff.ly/ydemfjY

    #security #appsecurity #aisecurity

  2. Our May meetup is full but you might just get lucky and get a spot in. Make sure to RSVP to be on the waitlist.

    This month's meetup we have Anshumaan Mishra who will talk about securing FastAPI Email WebApp while Will Lefevers will show us how the internet enabled organized crime.

    Thank you to 7AI for hosting and sponsoring us this month!

    RSVP at - buff.ly/ydemfjY

    #security #appsecurity #aisecurity

  3. OpenAI Disrupts macOS App Signing Process After Supply Chain Breach

    OpenAI recently took swift action to protect its users by revoking a macOS app certificate after discovering a malicious library had been downloaded through a GitHub Actions workflow used to sign its applications. This move highlights the vulnerability of even trusted software signing processes to supply chain breaches, and the…

    osintsights.com/openai-disrupt

    #SupplyChain #Macos #AppSecurity #CertificateRevocation #GithubActions

  4. 🤔 Oh, look! The #hackers have beaten the White House to the punch by reverse engineering their "super secure" app, revealing shocking, yet unsurprising, details: cookie tricks, GPS stalking, and #GitHub shenanigans. 🙄 And all wrapped up with a WordPress backend – because who needs national security when you have a blog to run? 😂
    thereallo.dev/blog/decompiling #WhiteHouse #cybersecurity #reverseengineering #appsecurity #HackerNews #ngated

  5. What does 'we protect your data' actually mean?

    Most companies: a policy.
    We literally cannot read yours: that's math, not a promise.

    Our engineers see encrypted blobs. Nothing more. AES-256-GCM, key never leaves your device.

    wiggwigg.ca/en/security/applic

    #ZeroKnowledge #Privacy #InfoSec #Fediverse #CanadianTech #PrivacyCanada #IndieWeb #PasswordManager #Encryption #AppSecurity

    1/3

  8. Android is rolling out a new security system 🔒 for sideloading that includes developer verification, mandatory wait times, and device restarts. The goal? Disrupting scam tactics while keeping the platform open. Here's how the new flow actually works and what it means for users wanting to install apps outside official stores 📱

    Read the article to learn more: true-tech.net/android-sideload

    #Android #Cybersecurity #Sideloading #AppSecurity #MobileSecurity

  9. Google starts flagging "vampire apps": the Play Store now shows high battery consumption warnings

    Anonymity is over for poorly optimized applications. As announced at the end of 2025, on 5 March 2026 Google began rolling out one of the features most awaited by users: direct visual notices in the Play Store that warn if an application uses more battery than normal because of excessive background activity (Source: Google).

    This measure aims to pressure developers into optimizing their creations and to offer users full transparency before they press the install button.

    How does the warning work?

    The alert appears in a highlighted box just below the star rating and the app's download figures. The message is clear: "This app may use more battery than expected due to high background activity."

    This notice is not arbitrary; it is based on strict technical metrics collected by Android Vitals:

    • The "wake lock" threshold: Google penalizes apps that keep the processor awake (via partial wake locks) for more than two cumulative hours in a 24-hour period while the screen is off.
    • Consistency of the bad behaviour: the warning only appears if 5% of that app's user sessions exceed that consumption limit over the last 28 days.

    Double penalty: less visibility and red warnings

    Applications that exceed these "misconduct" thresholds will not only receive the warning badge but will also suffer in their ranking:

    1. Exclusion from recommendations: apps identified as "battery vampires" will stop appearing in the Play Store's recommendation and suggestion lists.
    2. Impact on search: Google will reduce their visibility in search results, prioritizing alternatives that prove to be more energy efficient.

    Collaboration with Samsung

    A relevant detail is that this new measurement system was developed jointly with Samsung. The Korean giant contributed real-world data on its users' experience with battery drain, helping Google tune the algorithms so that the warning is as accurate as possible and does not unfairly punish apps that need legitimate background processes (such as music players or GPS navigators).

    What should developers do?

    To remove this "badge of shame", developers will have to audit their background processes and cut unnecessary energy use. Google has provided new debugging tools so they can identify exactly which process is preventing the phone from entering deep sleep.

    With this update, Google takes a decisive step toward resolving one of Android's long-standing complaints: the variability in battery life caused by third-party applications that "hijack" system resources without the user noticing.

    #android #AndroidVitals #AppSecurity #arielmcorg #Batería #google #infosertec #innovación #PlayStore #PORTADA #Samsung #TechNews2026 #tecnología

  10. How VAPT Strengthens Mobile App Security: Essential Insights for Business Owners

    Discover how VAPT enhances mobile app security, identifies vulnerabilities, ensures compliance, and protects business data from cyber threats for business owners.

    📖 Read here: linkedin.com/pulse/how-vapt-st

    #MobileAppSecurity #VAPT #CyberSecurity #DataProtection #BusinessSecurity #PenetrationTesting #VulnerabilityAssessment #AppSecurity #ECSInfotech #ECS

  12. Australia’s Under-16 Social Media Ban Begins Dec 10 - Major Compliance + Privacy Impact

    technadu.com/australia-social-

    Platforms will face $49.5M AUD penalties if they fail to enforce age checks. Verification pathways include biometrics, government IDs, financial details, and behavior-tracking signals. Experts highlight the privacy implications of scaling such data collection across multiple platforms.

    VPN-based workarounds are expected - but may expose young users to malicious apps or shady operators.

    #Australia #AgeVerification #Privacy #ChildSafety #Cybersecurity #AppSecurity #TechPolicy

  13. Did anyone notice that the #Powershell 7.5.4.0 msi installer, as referred to by Microsoft, is flagged as a #trojan by 1 Vendor on Virustotal[.]com ?
    Is this a false positive?
    #Cybersecurity #malware #IT #AppSecurity #Rat

  14. #Hackers believed to be linked to an Indian #APT group known as #Bahamut, are using a fake #Android app called "SafeChat" to infect unsuspecting victims with #spyware that can steal a wide range of data from the phone like call logs, text, GPS coordinates and more.

    It is also believed that this spyware is a variant of
    #Coverlm which can steal data from #Telegram, #Signal, #WhatsApp, #Viber, and #Facebook Messenger.

    #infosec #cybersecurity #AndroidSecurity #appsecurity #malware

    https://www.bleepingcomputer.com/news/security/hackers-steal-signal-whatsapp-user-data-with-fake-android-chat-app/

  15. Are Web Components & Cybersecurity A Better Combo?

    I'm not trying to dunk on popular #UI #frameworks – I'm sure they're totally fine for #cybersecurity stuff, probably get loads of reviews and #audits.

    But from my angle: Web Components are *native* to the #browser. Doesn't that just inherently reduce the risk of **#SupplyChainAttacks** (you know, like a rogue `npm install` on a bad network) for your #AppSecurity?

    Or am I overthinking it, and the #framework choice is less important than the #browser, #OS, or #device running it? What are your thoughts, #DevCommunity?

    ---

    Quick context: I've got a #ReactJS #messagingApp (repo here: github.com/positive-intentions) and a separate #UIFramework (repo here: github.com/positive-intentions) built with #Lit (which uses Web Components). I'm genuinely wondering if there's a compelling #cybersecurity reason to refactor the chat app to use my #WebComponent UI framework. Might be a whole new level of #SecurityByDesign for #FrontEndDev.

    FYI, same question's on Reddit here: reddit.com/r/ExperiencedDevs/c, got some good #insights, but want to make sure nothing's getting overlooked! Let's discuss #InfoSec #WebDev #JavaScript #OpenSource #TechQuestion.

  16. Google is enabling sideloading of unverified apps for advanced users soon! 🚀🔓 This move opens new possibilities but also calls for caution with app security. Stay informed and explore new Android flexibility! 📱⚠️ #Google #Android #Sideloading #AppSecurity heise.de/news/Google-Unverifiz

  17. 🔒 Verify app authenticity effortlessly with AppVerifier! This powerful tool checks app signing certificate hashes to ensure your apps are genuine and secure. Perfect for Android users who value safety and trust. 💪🔐 #AppSecurity #Android #TechSafety #OpenSource

    Explore more: github.com/soupslurpr/AppVerif

  18. NowSecure was featured in Help Net Security’s Infosec Products of the Month! 🔐 The new NowSecure Privacy offering helps teams find and fix mobile app #privacy risks fast - keeping data safe and compliant: loom.ly/ECgO2TQ

    #AppPrivacy #AppSecurity #MobileSecurity

  19. Neon, the app that *paid* for your call recordings, is now disabled thanks to a security flaw. Yet, it's still a top-downloaded iOS app. Paying for your data *and* exposing it? Now that's what I call a value proposition! What's the sketchiest app you've willingly given your data to? #AppSecurity #PrivacyFail #iOS #TechNews #DataPrivacy
    cnet.com/tech/services-and-sof

  20. 🔒🚀 A great experience report from Amadeus at Riviera DEV 🌴

    - How to enable security from the earliest stages of development,
    - Automate OAuth2 validation in CI using #Microcks mocks,
    - Guarantee end-to-end application security,
    - And above all, involve developers in a genuine #DevSecOps approach.

    👉 youtube.com/watch?v=kBYEwd1Zpz

    A nice concrete example of security + dev integration in real life 💡

    #CloudNative #OAuth2 #CI #AppSecurity #CNCF

  21. Google to verify all Android developers by Sept 2026, closing loopholes in sideloading & third-party stores to boost security & accountability.

    #Google #Android #AppSecurity #Developers #PlayStore #TECHi

    Read Full Article Here :- techi.com/google-verifies-andr

  22. Google is ramping up Android security—every app developer now needs to verify their identity. Could this be the breakthrough to finally shut down malware? Dive in to see how this move might make your phone safer.

    thedefendopsdiaries.com/google

    #androidsecurity
    #googleplay
    #developerverification
    #malwareprotection
    #appsecurity

  23. 👋 Greetings & WELCOME to Day 2 of AppSec Village at @defcon 33!

    Talks, workshops, demos, CTFs, and hands-on activity pods are in full swing - and the best part? Meeting the community!!

    Are you new to the Village? Ask one of our amazing volunteers - they'll point you in the right direction.

    We'll be here from 10am - 6pm.

    Full schedule: buff.ly/QYwybj9

    Come say hello, swap stories, and discover what’s new in AppSec!

    #AppSec #DEFCON33 #CTF #apisecurity #appsecurity

  24. 🫖 The Tea app promised women a safe space to share dating experiences via a digital whisper‑network. Instead, two massive data breaches exposed sensitive user content—drivers licenses, selfies, and private messages about infidelity, abortions, and personal accusations. 🤦🏻‍♂️ It’s another example of good intention meeting insecure design. When apps collect high-risk data without robust protections from the start, trust becomes a vulnerability.

    TL;DR
    ⚠️ 72K ID photos and selfies leaked
    🧠 1.1M user messages exposed, including intimate details
    🔐 Messaging feature suspended after breach
    🔍 Raises deeper questions about platform responsibility

    npr.org/2025/08/02/nx-s1-54838
    #DataBreach #DigitalTrust #WhisperNetworks #AppSecurity #security #privacy #cloud #infosec #cybersecurity

  25. 📢 New blog post alert! 📢

    Check out our latest blog post "A Deep Dive into Penetration Testing of macOS Applications (Part 2)"! 🕵️‍♀️🖥️🔍

    In this post, we discuss code signing mechanisms, code signature flags, and file and memory analysis techniques and tools. 💻🔒💡

    Learn how to identify potential vulnerabilities and strengthen your macOS application security! 💪

    Read the full article here: cyberark.com/resources/threat-

    #macOS #cybersecurity #pentesting #infosec #blogpost #appsecurity #hardenedruntime #entitlements #fileanalysis #memoryanalysis #securityresearch

  26. Rate Limiting Feature for Azure WAF on Application Gateway now in Preview

    This feature allows you to define custom rules to limit the number of requests from different sources, such as IP addresses, geographies, or user sessions.

    techcommunity.microsoft.com/t5

    #azure #microsoft #azuresecurity #waf #webapplicationgateway #appsecurity #azureapplicationgateway #appsec #webapplicationfirewall #firewall #ddos #azurewaf #cybersecurity #cloud #cloudnative #cloudsecurity #soc

  27. Essential Points to Consider Before Creating Enterprise Mobile Applications

    tuvoc.com/blog/essential-point

    Before developing enterprise mobile applications, it's crucial to consider scalability, security, and integration. These factors ensure smooth performance and align the app with business goals and user needs.

    #EnterpriseApps
    #MobileAppDevelopment
    #EnterpriseMobility
    #AppDevelopmentTips
    #BusinessApps
    #TechStrategy
    #EnterpriseSolutions
    #AppSecurity
    #UXDesign
    #ScalableApps
    #EnterpriseTech

  29. In our latest blog post, our chefs from 🇮🇹 and 🇫🇷 have collaborated to bring you a culinary masterpiece! Learn Lorenzo Stella and Maxence Schmitt's recipe for a tasty arbitrary file write to RCE via abusing #uWSGI files. Bon appétit!

    #doyensec #appsec #appsecurity #penetrationtesting

    blog.doyensec.com/2023/02/28/n

  30. 🔒 Verizon call log exposure was more than a bug—it was a real-time surveillance risk.

    A serious flaw in Verizon’s pre-installed Call Filter iOS app allowed unauthorized access to detailed incoming call logs of any Verizon user.

    Discovered by ethical hacker Evan Connelly in February and patched in March, the issue:
    ・📱Affected millions using the app to block spam and ID unknown numbers
    ・📂 Could have exposed call histories of journalists, law enforcement, and public officials
    ・🚨 Raised massive concerns around privacy and real-time surveillance

    Verizon confirmed the fix, but experts stress this as a wake-up call for rigorous mobile app security—especially those preloaded at scale.

    👉 newsweek.com/verizon-expose-cu

    #CyberSecurity #Verizon #PrivacyBreach #AppSecurity #Surveillance #DataProtection #EthicalHacking #MobileSecurity

  31. Introducing Azure Web Application Firewall's Sensitive Data Protection (Preview)!

    Data privacy is paramount, and Azure Web Application Firewall (WAF) has taken a step forward with Log Scrubbing.

    This preview feature allows you to remove sensitive information from WAF logs, ensuring enhanced privacy and compliance. Safeguard your data with Azure WAF's Log Scrubbing.

    Learn more:

    learn.microsoft.com/en-us/azur

    learn.microsoft.com/en-us/azur

    #DataPrivacy #AzureWAF #waf #logging #data #privacy #scrubbing #logscrubbing #azure #compliance #cloudnative #appsecurity #webapp #cybersecurity #microsoftsecurity #microsoft