Fingerprint/TouchID Support

Fingerprint scanners are pretty common in modern hardware, both from Apple and some Android vendors. The problem is that the iOS and Android APIs for accessing them are a world apart. However, it's possible to find some low-level common ground, which is exactly what our cn1lib for fingerprint scanning accomplished.

Security Section

We've had a lot of security-related posts in the past few months as we refined many edge cases with some customers. These posts are difficult to comb through as they are all over the place, and it's hard to get a glance of "what's available".

Obfuscated Constants

One of the first things a hacker will do when compromising an app is look at it. E.g. if I want to exploit a bank's login UI I would look at the label next to the login and then search for it in the decompiled code. So if the UI has the String "enter user name and password" I can search for that.

Block Copy/Paste & Faster Performance on iOS

I discussed both of these last week, but we've made some progress that warrants a dedicated post. We added a new feature that allows you to block copy & paste on a text component either globally or on a case-by-case basis. This is helpful for highly sensitive applications.

Disable Screenshot, Copy & Paste

Continuing our security trend from the past month, we have a couple of new features for Android security that allow us to block the user from taking a screenshot or copying & pasting data from fields. Notice that these features might fail on jailbroken devices, so you might want to check for jailbreak/rooting first.

Strong Android Certificates

When Android launched, RSA1024 with SHA1 was considered strong enough for the foreseeable future. This hasn't changed completely, but the recommendation today is to use stronger ciphers for signing & encrypting, as the weaker ones can be compromised.

Jailbreak/Rooting Detection

iOS & Android are walled gardens, which is both a blessing and a curse. Looking at the bright side, the walled garden aspect of locked down devices means the devices are more secure by nature. E.g. on a PC that was compromised I can detect the banking details of a user logging into a bank. But on a phone it would be much harder due to the deep process isolation.

Certificate Verification, Avoid SSL Pinning Vulnerability

Certificate pinning is a security measure designed to thwart potentially dangerous and complex attacks. Since those sorts of attacks are pretty hard to execute, it's a security measure that is probably unnecessary for most developers. However, if you are building an application for a very sensitive industry (e.g. Government, Banking etc.) you might be required to include this defensive measure.

iOS HTTP URLs

We'll be migrating to the new iOS build servers this Sunday, and this does entail one major thing you need to be aware of. With the new version of Xcode, HTTP URLs are blocked by Apple. We blogged about this a while back, but this bears repeating as it's something a lot of you will start running into.
