
Mobile security flaw places millions of app users at risk

Researchers in Germany have now identified a common weakness in programming practices.

A research team in Germany has stated that it has found a common poor programming practice that leaves a mobile security flaw in apps, one that risks data breaches for millions of app users.

The method of authenticating users could place the personal data of those individuals at risk.

The flaw could expose the personal data of the users of any app whose developers followed this practice. The cause is the method by which app developers authenticate users when storing data in and retrieving data from cloud databases, such as Amazon Web Services and Facebook's Parse. The researchers are from the Darmstadt University of Technology and the Fraunhofer Institute for Secure Information Technology.

The researchers identified the mobile security flaw by looking into 750,000 Google Play and Apple Store apps.

What the researchers found was that many of these apps authenticate by way of basic API tokens, despite the fact that other methods are readily available that are considered to be notably more secure.

This app development strategy is in direct opposition to the best-practice advice that has been issued by cloud storage providers. According to a statement made by Amazon Web Services, they have been advised of a “small number” of mobile app developers who have apps that hold AWS credentials. It said that it is their belief that those developers have “inadvertently embedded their own AWS credentials within their mobile applications, which could lead to unauthorized use of the developer’s AWS services and data.”

The statement also pointed out that AWS took the step to communicate directly with each of those developers in order to offer them guidance for the removal of their credentials from the apps. They also took the step to “encourage them to carefully examine their AWS resources for unauthorised activity and provide assistance as needed.”

The German team’s leader, Professor Eric Bodden, said that this was a significant mobile security issue, as they were able to identify 56 million unprotected data sets.
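As an added example (not code from the researchers or from AWS), the following sketch shows how a developer could check their own build for the embedded AWS credentials described in the AWS statement before release. It assumes the widely documented `AKIA` prefix of long-term AWS access key IDs; the function names `scan_package` and `build_sample_package` are hypothetical, and the sample archive is constructed.

```python
import io
import re
import zipfile

# Long-term AWS access key IDs are 20 characters and begin with "AKIA".
KEY_ID = re.compile(rb"(?<![A-Z0-9])AKIA[A-Z0-9]{16}(?![A-Z0-9])")
# Secret access keys are 40 base64-style characters; checked only near a key ID.
SECRET = re.compile(rb"(?<![A-Za-z0-9/+])[A-Za-z0-9/+]{40}(?![A-Za-z0-9/+=])")
WINDOW = 200  # bytes searched on each side of a key ID


def scan_package(package):
    """Return sorted (entry, key_id, secret_nearby) tuples for an APK or IPA (both are ZIPs)."""
    hits = {}
    with zipfile.ZipFile(package) as archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            data = archive.read(info)
            # Second view with NUL bytes dropped catches UTF-16 encoded strings.
            views = [data] + ([data.replace(b"\x00", b"")] if b"\x00" in data else [])
            for view in views:
                for m in KEY_ID.finditer(view):
                    near = view[max(0, m.start() - WINDOW):m.end() + WINDOW]
                    key = (info.filename, m.group().decode())
                    hits[key] = hits.get(key, False) or bool(SECRET.search(near))
    return sorted((name, key_id, sec) for (name, key_id), sec in hits.items())


def build_sample_package():
    """Constructed sample: an in-memory ZIP laid out like a small APK."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        # Placeholder credentials in the style of AWS documentation examples.
        z.writestr("assets/config.properties",
                   "aws.accessKey=AKIAIOSFODNN7EXAMPLE\n"
                   "aws.secretKey=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY\n")
        # Constructed key ID stored as UTF-16, as some compiled resources are.
        z.writestr("res/raw/strings.bin", "key=AKIAABCDEFGHIJKLMNOP".encode("utf-16-le"))
        z.writestr("classes.dex", b"dex\n035\x00" + bytes(range(256)))
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for entry, key_id, secret_nearby in scan_package(build_sample_package()):
        print(f"{entry}: {key_id} (secret-like string nearby: {secret_nearby})")
```

Any hit means the key should be treated as exposed: rotate it and remove it from the app, in line with the guidance AWS describes giving to affected developers.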

Mobile app developers now have new Facebook tools

The top social network has recently released six new open source tools for application development.

Facebook has announced the release of six new open source projects to mobile app developers, as one of the latest components of their effort to spread the weight of application development with the goal of speeding up the creation of cutting edge solutions.

All of the new mobile development open source projects were announced at the same time at the 2015 F8 Conference.

They have been drawing a considerable amount of attention among the community of mobile app developers as many offer a notable opportunity. The online newsroom at the social network provided a brief summary of all six of the projects to provide app developers with a better look at what has now been made available to them.

The following are the open source projects that have been offered to mobile app developers by Facebook.

• React Native – this is a framework for native environments that gives app developers the chance to create high quality Android and iOS user interfaces without using WebView or a browser.

• ComponentKit – this is a native functional and declarative UI iOS library. React inspired its creation, and it is used within the Facebook app’s News Feed.

• Year Class and Connection Class – these two projects have been released in order to give mobile app developers the chance to intelligently segment through the use of network and device performance in real time.

• Fresco – this is a tool set that has been created for image manipulation and display specifically for the Android mobile app developer community.

• Nuclide – this is the only one of the projects that was announced as being open-sourced in the future and is not yet available in that form. Facebook took the opportunity at F8 to demo the project, but not to actually make it openly available. It is designed as an IDE and is meant to support React Native, as well as Hack and Flow. It was developed alongside GitHub. Even though this one has not yet been open sourced, it holds enough potential that it is certainly worth watching in the future.