Tapjacking & Overlay Attacks
Your phone draws dozens of windows onto one sheet of glass — and a single permission lets one app paint on top of all the others. …
The moment you attach Frida or a debugger to a hardened app, it often knows: a thread scans /proc for the tell-tale artefacts, cal…
RASP makes an app defend itself at runtime: notice it is on a rooted phone, a debugger or Frida attached, or its own code patched,…
Custom URL schemes like myapp:// feel like the app owns them — but the OS never promised they are unique. Any app can register mya…
When the interesting logic disappears from jadx, it has usually been pushed down a layer — into a compiled .so on Android or a .dy…
On Apple platforms, the most interesting trust boundary is not the network — it is the gap between two processes on the same devic…
You pull the .ipa for the iOS app you are assessing, run strings on the binary, and get nothing — the code region is noise. That i…
A modern Android banking trojan does not break crypto or pop a kernel bug. It asks the user for the Accessibility service, then po…
ATS is the iOS rule that says every connection an app makes must be modern HTTPS — and developers turn it off more often than they…
A deep link is a URL that opens a specific screen inside an app, and any app can register to handle one. Custom-scheme links (myap…