Author: Lucy

Mobile security flaw places millions of app users at risk

| June 24, 2015

Researchers in Germany have now identified a common weakness in programming practices.

A research team in Germany has now stated that they have found a common poor programming practice that has left a flaw that could lead to a mobile security exposure that risks data breaches for millions of app users.

The method of authenticating users could potentially place the personal data of those individuals at risk.

The flaw in the programming could potentially expose the personal data of the users of the apps in which the developers used those mobile security practices. The reason is because of the method by which the app developers authenticate users during the data storage and retrieval processes with cloud databases, such as the Amazon Web Services and Parse at Facebook. The reasearchers are from the Darmstadt University of Technology and the Fraunhofer Institute for Secure Information Technology.

The researchers identified the mobile security flaw by looking into 750,000 Google Play and Apple Store apps.

Mobile Security threat to many usersWhat the researchers found was that many of them use mobile authentication strategies by way of basic API-tokens, despite the fact that there are other methods readily available that are considered to be notably more secure.

This app development strategy is in direct opposition to the advice for best practices that has been issues by cloud storage providers. According to a statement made by Amazon Web Services, they have been advised of a “small number” of mobile app developers who have apps that hold AWS credentials. It said that it is their belief that those developers have “inadvertently embedded their own AWS credentials within their mobile applications, which could lead to unauthorized use of the developer’s AWS services and data.”

The statement also pointed out that AWS took the step to communicate directly with each of those developers in order to offer them guidance for the removal of their credentials from the apps. They also took the step to “encourage them to carefully examine their AWS resources for unauthorised activity and provide assistance as needed.”

The German team’s leader, Professor Eric Bodden said that this was a significant mobile security issue, as they were able to identify 56 million unprotected data sets.

Unilever and Tesco get on board with geolocation technology

| June 18, 2015

The partnership has brought the two companies together for the Magnum ice cream app, using iBeacon.

Tesco has announced that it has entered into a partnership with Unilever in order to roll out geolocation technology in the form of iBeacons in 270 of its stores.

This location based tech will function to trigger exclusive savings opportunities and offers.

Through the use of geolocation technology, consumers who have downloaded and installed the Mpulse mobile app will receive offers and discount coupons whenever they pass within a certain distance of one of the participating Tesco locations. The iBeacons will be installed into the Tesco Express stores within the first rollout of this tech. It will become the largest trial of location based marketing that either of those massive brands has experienced.

The initial geolocation technology based campaign will trigger offers for the Black and Pink Magnum products.

Geolocation Technology brings companies togetherThese push notifications will be sent automatically to passersby in order to give them the opportunity to take advantage of special deals that will remain valid from the time that they receive them until the end of the month. The Mpulse app is available for download at both the Apple App Store and the Google Play Store.

According to the global brand director at Magnum, Neil Gledhill, “We’re always looking at innovative ways to deliver on Magnum’s brand promise of delivering pleasure and to be able to do it at scale with a partner like Tesco is fantastic.”

The managing director at Tesco Convenience, Tony Reed, also went on to explain that they are always on the lookout to find new and engaging methods of encouraging their customers to return to shop while being able to take advantage of attractive offers at the same time. “With summer on the way, we’re delighted to trial this concept and can’t wait to get our customers’ feedback.”

The geolocation technology based mobile app was developed using Urban Airship tech, by the Karmarama agency. It functions in conjunction with iBeacons, which create a type of geofence around a specific location. Customers traveling within that designated area will receive the deals through their apps.