app development related cybersecurity articles - The Hacker News
The Hacker News Logo
Subscribe to Newsletter

The Hacker News - Cybersecurity News and Analysis: app development

'Exodus' Surveillance Malware Found Targeting Apple iOS Users

'Exodus' Surveillance Malware Found Targeting Apple iOS Users
April 09, 2019Swati Khandelwal
Cybersecurity researchers have discovered an iOS version of the powerful mobile phone surveillance app that was initially targeting Android devices through apps on the official Google Play Store. Dubbed Exodus , as the malware is called, the iOS version of the spyware was discovered by security researchers at LookOut during their analysis of its Android samples they had found last year. Unlike its Android variant, the iOS version of Exodus has been distributed outside of the official App Store, primarily through phishing websites that imitate Italian and Turkmenistani mobile carriers. Since Apple restricts direct installation of apps outside of its official app store, the iOS version of Exodus is abusing the Apple Developer Enterprise program, which allows enterprises to distribute their own in-house apps directly to their employees without needing to use the iOS App Store. "Each of the phishing sites contained links to a distribution manifest, which contained metadata

Windows 10 Bug Let UWP Apps Access All Files Without Users' Consent

Windows 10 Bug Let UWP Apps Access All Files Without Users' Consent
October 30, 2018Swati Khandelwal
Microsoft silently patched a bug in its Windows 10 operating system with the October 2018 update (version 1809) that allowed Microsoft Store apps with extensive file system permission to access all files on users' computers without their consent. With Windows 10, Microsoft introduced a common platform, called Universal Windows Platform (UWP), that allows apps to run on any device running Windows 10, including desktop PC, Xbox, IoT, Surface Hub, and Mixed-reality headset. UWP apps have the ability to access certain API, files like pictures, music, or devices like camera and microphone, by declaring required permissions in their package manifest (configuration) file. By default, UWP apps have access to directories, where the app is installed on the users' system and where the app can store data (local, roaming and temporary folders). However, to access other files on a system, including sensitive resources, Microsoft offers several types of capabilities that an applicati

Twitter API Flaw Exposed Users Messages to Wrong Developers For Over a Year

Twitter API Flaw Exposed Users Messages to Wrong Developers For Over a Year
September 22, 2018Swati Khandelwal
The security and privacy issues with APIs and third-party app developers are something that's not just Facebook is dealing with. A bug in Twitter's API inadvertently exposed some users' direct messages (DMs) and protected tweets to unauthorized third-party app developers who weren't supposed to get them, Twitter disclosed in its Developer Blog on Friday. What Happened? Twitter found a bug in its Account Activity API (AAAPI), which is used by registered developers to build tools to support business communications with their customers, and the bug could have exposed those customers' interactions. The Twitter AAAPI bug was present for more than a year—from May 2017 until September 10—when the microblogging platform discovered the issue and patched it "within hours of discovering it." In other words, the bug was active on the platform for almost 16 months. "If you interacted with an account or business on Twitter that relied on a developer

Apple will let users run iOS apps on macOS

Apple will let users run iOS apps on macOS
June 06, 2018Swati Khandelwal
Apple is making it easier for mobile developers to port their iOS apps to the next-generation macOS Mojave desktop platform—a major step in bringing the two platforms closer together. However, at the same time, the company straightforward denied the idea of merging the iPhone and Mac operating systems into one platform, which was being speculated for years. So, Apple made it clear that iOS and macOS will continue to be separate products. Rumors of iOS apps coming to the Mac have been around since 2017, and yesterday at Apple's WWDC 2018 event, Apple senior vice president of software engineering Craig Federighi just confirmed this while concluding his keynote. Though iOS and macOS share similar underlying frameworks, both are separate operating systems with their own separate software libraries, called UIKit used by iOS and AppKit used by macOS, which have made porting iOS apps to Mac difficult, said Federighi. "iOS devices and macOS devices of course are different

Download Free Windows 10 for the Internet of Things and Raspberry Pi 2

Download Free Windows 10 for the Internet of Things and Raspberry Pi 2
August 12, 2015Khyati Jain
In the month of February 2015, second generation Raspberry Pi was made available and was commonly known as Raspberry Pi 2 . Buzz was that Windows 10 will be supporting the hardware for its compatibility with the smart objects, popularly known as the ' Internet of Things '. So, finally the Free version of Windows 10 for Raspberry Pi 2 is here. On Monday, public release of Microsoft's Windows 10 for IoT Core, offering support for the Raspberry Pi 2 and the Minnowboard Max , was made available. Microsoft's goal of spreading Windows 10 to a Billion user is going to get fulfilled with this specially trimmed edition for small and embedded devices, that may or may not have screens. Also for devices with screens, Windows 10 IoT Core operating system does not have a Windows shell experience; rather you can write a Universal Windows app that is the interface and 'personality' for your device. It's neither the Windows, as we already are familiar with, nor a substitut

Google Play Store Update Allows Apps to Silently Gain Control of Your Device

Google Play Store Update Allows Apps to Silently Gain Control of Your Device
June 13, 2014Mohit Kumar
Google just made a huge change to the way application permissions work on Android devices which has left a potential door open to malicious app developers and hackers. Google narrows down Android's 145 permissions into 13 broad categories and groups app permissions into ' groups of related permissions ', likely for Android users to have an easier time dealing with app permissions. Unfortunately, the new update has introduced a few potential security and privacy issues, as listed below: hiding permissions behind the group names auto-updating app with no warning for new permissions According to new update, once a user approves an app's permissions, he actually approves the whole respective permission groups. For example, if an app want to read your incoming SMS messages, then it requires the " Read SMS messages " permission. But now installing an app, you are actually giving it access to all SMS-related permissions. The app developer can then include

Apple's New Swift Programming Language for iOS And OS X Apps. Goodbye Objective-C

Apple's New Swift Programming Language for iOS And OS X Apps. Goodbye Objective-C
June 04, 2014Mohit Kumar
The development of self own languages has become emblematic of the hot new trend in business as every big Internet service provider is now developing their own and unique programming languages. Two months ago, Facebook released its modern programming language called ' HACK ', which is specially designed to make the process of writing and testing code of complex websites and other software faster, and the company already drives almost all of the its social networking site to HACK over the last year. This Monday, Apple surprises the gathering of people who build software applications for Apple hardware devices at its World Wide Developers Conference (WWDC) by introducing its whole new programming language called Swift , which probably replace Apple's main programming language - Objective-C that is being loved by the developers who build software applications for Apple hardware devices, from iPhone, iPad to Macintosh. The first app built on Swift is the WWDC ap

Facebook Introduces Anonymous Login to Limit Third-party App Permissions

Facebook Introduces Anonymous Login to Limit Third-party App Permissions
May 01, 2014Swati Khandelwal
We're comfortable in sharing information with our Facebook friends, but it is quite sneaky for Facebook users to offer their Identities and credentials when logging in to third-party apps , they don't trust. To deal with this issue, the social network giant has plans to improve the way users login to the third party apps with more privacy controls on the web as well as mobile devices. ANONYMOUS LOGIN At Facebook's F8 developer conference in San Francisco on Wednesday, Keynote speaker - Chief Executive Mark Zuckerberg announced the new Facebook's login tool, " Anonymous Login " that would let users sign into apps and websites anonymously without sharing their personal information-Biggest news for Facebook users. " Today, we want to do more to put control and power back into people's hands, " Zuckerberg said at the conference. " Up until now, your friends have been able to share your data via using apps. Now we're changing this, so every

Researchers explained How ANGRY BIRDS Sharing Your Personal Data

Researchers explained How ANGRY BIRDS Sharing Your Personal Data
April 02, 2014Mohit Kumar
We are already aware about the fact that most probably every mobile app is collecting our data in one or the other form. Thanks to Edward Snowden, who provided the secret documents that revealed that the world's most popular Smartphone applications, including gaming apps such as Angry Birds , are telling the government intelligence agencies (NSA) everything about us. We  reported earlier  that how the government intelligence agencies, such as British intelligence agency GCHQ and U.S. intelligence firm NSA, use popular games to collect users' personal data including their GPS location. Yes, the popular game Angry Bird , which is the top-selling paid mobile application in the United States and Europe for the iPhones, Android and has been downloaded more than a billion times by the devoted game players worldwide, who often spend hours squawking and playing the game.  In fact earlier this month,  CBS 60 Minutes  shows that how Rovio shares users' locations. Recently, t

Test your Mobile Hacking and Penetration testing Skills with Damn vulnerable iOS app

Test your Mobile Hacking and Penetration testing Skills with Damn vulnerable iOS app
February 03, 2014Wang Wei
Smartphones are powerful and popular, with more than thousands of new mobile apps hitting the market everyday. Apps and mobile devices often rely on consumers' data, including private information, photos, and location, that can be vulnerable to data breaches, surveillance and real-world thieves. When developing a mobile application, developer has to fulfill high security requirements, established for apps that deal with confidential data of the users. If you are a developer then responsibilities for providing security to the users is very high in comparison to functionality you are going to feed into the app. e.g. A vulnerability found in Starbucks' iOS app could have caused a massive financial data loss. It is always important for all app developers to have enough knowledge about major Mobile platform Security threats and its countermeasures. Today we would like to introduce open source ' Damn Vulnerable IOS App (DVIA) ' developed by Prateek Gianchan
Exclusive Offers

Cybersecurity Newsletter — Stay Informed

Sign up for cybersecurity newsletter and get latest news updates delivered straight to your inbox daily.