Skip to content

Sirack Hailu

Members Public

Apple Intelligence - What we know so far

Apple intelligence was introduced back in June. This was somewhat expected given the explosive growth of LLM models everywhere spearheaded by Chat-GPT. Google followed up by releasing Gemini Nano optimized for mobile devices. In this post I will summarize (in short ;)) what I gather so far from some of the

Members Public

Is Android Killing TEE?

The Android operating system inherits its security controls from Linux. While these controls are sufficient for most apps, there are use cases where apps require stringent security environment to execute code. E.g. Your banking app needs to transfer funds securely. Google answered this question by providing TEE. TEE stands

Is Android Killing TEE?
Members Public

Appstore Compliance

Building an app & submitting it to the app store used to be a trivial process. I have been building apps since 2011/12 and have seen the progression of app store settings morph from single-screen to multi-page declaration forms that require hours to understand and comply.  This is especially

Appstore Compliance
Members Public

OWASP Mobile Top 10 - 2024 Edition

Update - Earlier version of the article incorrectly used OWASP MAS logo. OWASP MAS Project & OWASP Mobile top 10 are not affiliated. It's been eight years since the last OWASP Mobile Top 10 update. That's a long time for an industry that keeps evolving by

OWASP Mobile Top 10 - 2024 Edition
Members Public

Failure to launch

This post is inspired by By Ross Haleliuk's Substack about cybersecurity startups worth exploring in 2024. To my delight, mobile security was mentioned multiple times :) He argues some markets enjoy attention from VCs, CISOs & the wider community. E.g. endpoint protection, identity, cloud security, etc. Every CISO

Failure to launch
Members Public

On API Resilience

Last week, I published an article on API Security. It discusses how to combine mobile RASP with API Security. One valuable feedback I got was to remove the word "security" and replace it with "resilience". This makes a lot of sense, especially for those that are

On API Resilience
Members Public

On API Security

April 19 UPDATE - The original article doesn't discuss the drawbacks and might create false sense of security. See "Drawbacks & Assumptions" section. For the past few months, I have been studying multiple API security companies to understand if they can solve the unique challenges faced

On API Security
Members Public

Welcome to Sandbox Brief

"See all things" - Bruce Lee It's been my recurring plan to write. Whether its a technical blog, something I observed or have an opinion on. I gave myself plenty of reasons for not doing it. Work, imposter syndrome, fear of rejection, etc. But I have