Tapjacking & Overlay Attacks
Your phone draws dozens of windows onto one sheet of glass — and a single permission lets one app paint on top of all the others. …
Mobile Security → All Mobile Security articles
The moment you attach Frida or a debugger to a hardened app, it often knows: a thread scans /proc for the tell-tale artefacts, cal…
Certificate pinning makes a mobile app refuse a connection even when normal TLS validation says yes — and on a hardened app, the g…
RASP makes an app defend itself at runtime: notice it is on a rooted phone, a debugger or Frida attached, or its own code patched,…
Custom URL schemes like myapp:// feel like the app owns them — but the OS never promised they are unique. Any app can register mya…
The keychain is where iOS apps are supposed to put secrets — and on a test device you own, with the app unlocked, you can read the…
Root and jailbreak detection is an app asking "is the device under me honest?" — and it answers with a battery of probes where any…
When the interesting logic disappears from jadx, it has usually been pushed down a layer — into a compiled .so on Android or a .dy…
On Apple platforms, the most interesting trust boundary is not the network — it is the gap between two processes on the same devic…
You pull the .ipa for the iOS app you are assessing, run strings on the binary, and get nothing — the code region is noise. That i…