Apple Intelligence - What we know so far
Apple intelligence was introduced back in June. This was somewhat expected given the explosive growth of LLM models everywhere spearheaded by Chat-GPT. Google followed up by releasing Gemini Nano optimized for mobile devices. In this post I will summarize (in short ;)) what I gather so far from some of the
Is Android Killing TEE?
The Android operating system inherits its security controls from Linux. While these controls are sufficient for most apps, there are use cases where apps require stringent security environment to execute code. E.g. Your banking app needs to transfer funds securely. Google answered this question by providing TEE. TEE stands
Appstore Compliance
Building an app & submitting it to the app store used to be a trivial process. I have been building apps since 2011/12 and have seen the progression of app store settings morph from single-screen to multi-page declaration forms that require hours to understand and comply. This is especially
OWASP Mobile Top 10 - 2024 Edition
Update - Earlier version of the article incorrectly used OWASP MAS logo. OWASP MAS Project & OWASP Mobile top 10 are not affiliated. It's been eight years since the last OWASP Mobile Top 10 update. That's a long time for an industry that keeps evolving by
Failure to launch
This post is inspired by By Ross Haleliuk's Substack about cybersecurity startups worth exploring in 2024. To my delight, mobile security was mentioned multiple times :) He argues some markets enjoy attention from VCs, CISOs & the wider community. E.g. endpoint protection, identity, cloud security, etc. Every CISO
On API Resilience
Last week, I published an article on API Security. It discusses how to combine mobile RASP with API Security. One valuable feedback I got was to remove the word "security" and replace it with "resilience". This makes a lot of sense, especially for those that are
On API Security
April 19 UPDATE - The original article doesn't discuss the drawbacks and might create false sense of security. See "Drawbacks & Assumptions" section. For the past few months, I have been studying multiple API security companies to understand if they can solve the unique challenges faced
Welcome to Sandbox Brief
"See all things" - Bruce Lee It's been my recurring plan to write. Whether its a technical blog, something I observed or have an opinion on. I gave myself plenty of reasons for not doing it. Work, imposter syndrome, fear of rejection, etc. But I have