SSL Pinning Bypass — Hardened Apps
Certificate pinning makes a mobile app refuse a connection even when normal TLS validation says yes — and on a hardened app, the g…
The keychain is where iOS apps are supposed to put secrets — and on a test device you own, with the app unlocked, you can read the…
Root and jailbreak detection is an app asking "is the device under me honest?" — and it answers with a battery of probes where any…
You point your phone at Burp, install the CA, and the app you are testing goes silent — no traffic, just "connection reset". That …
Android apps message each other with Intents, and components marked "exported" are doors any app can knock on. The trouble starts …
A WebView is a browser the app embeds and bridges into its own code — and that bridge is where it goes wrong. addJavascriptInterfa…
Static analysis tells you what an app could do; Frida shows you what it actually does, live, and lets you change it mid-run. This …
Most mobile findings are not clever — they are an app writing a session token, a password, or a card number to disk in cleartext a…
An APK is a ZIP file with the whole app inside it — compiled code, resources, and a manifest. Reverse engineering it is two jobs: …
Before you reverse a single byte of an Android app you need two things working: a shell into the device, and a way to reach inside…