Upwardly Mobile - API & App Security News

Author(s): Approov Mobile Security
About this audio

Think the App Store’s built-in security is enough? Think again.

Welcome to Upwardly Mobile, the podcast that exposes the gaps in iOS, Android, and HarmonyOS security. Hosts Skye and George take you into the high-stakes world of mobile defense, revealing why standard protections from Apple, Google, and Samsung often leave your sensitive data exposed. Sponsored by Approov—the gold standard in mobile app attestation—we move beyond the basics to tackle weaponized AI threats and dynamic API attacks. From runtime attestation to navigating complex compliance regulations, we equip developers and security pros with the actionable strategies needed to thwart attackers. Don’t leave your app vulnerable.

Subscribe now on Spotify and Apple Podcasts to elevate your security game.

Copyright 2025 Approov
Episodes
  • SNAP | Why Mobile Apps Are Failing to Stop Food Stamp Fraud?
    Jan 17 2026
    Episode Summary
    In this episode of Upwardly Mobile, we investigate a growing financial crisis affecting the nation’s most vulnerable families. The USDA now estimates that up to $12 billion is stolen annually from the Supplemental Nutrition Assistance Program (SNAP). We explore how transnational criminal rings are using sophisticated technology—from physical skimmers to brute-force cyberattacks—to drain EBT cards in seconds.
    We also break down why the government’s latest solution—mobile apps that allow users to "lock" their cards—is failing to stop the theft. We analyze the technical vulnerabilities of the legacy magstripe system and explain why app-based controls are often bypassed by backend fraud and race conditions.
    This episode is sponsored by Approov. Mobile apps are now the front door to critical services, but as we discuss in this episode, they are only as strong as the security frameworks behind them. Approov provides comprehensive mobile app protection, ensuring that the requests hitting your API are from genuine apps running on untampered devices.
    Key Topics & Takeaways:
    • The Scale of the Problem: Federal investigators estimate that SNAP fraud has hit all-time highs, potentially reaching $12 billion annually. Georgia alone reported nearly $23 million stolen in just the first quarter of 2025.
    • How the Fraud Works: Criminals are utilizing advanced skimming technology and "brute force" software that can guess a four-digit PIN in less than a second. The Secret Service notes that these are often transnational organized crime groups capable of working easily across borders.
    • The "Lock" Feature Failure: Many states, including Georgia, encouraged users to download apps like ConnectEBT to "lock" their cards. However, users like Sheria Robertson report having funds stolen mere minutes after unlocking the app to make a purchase.
    • The Technical Vulnerability: The core issue is that EBT cards still rely on legacy magnetic stripe technology rather than secure chips (EMV). Because the backend system relies on static track data and a PIN, the mobile app’s "lock" feature is often bypassed by race conditions or bot attacks on IVR systems.
    • Bot Attacks: Cybercriminals are using bots to hammer IVR systems to check balances and time their withdrawals the moment funds are deposited.
    Featured Stories & Data:
    • Victim Spotlight: Sheria Robertson, a single mother who lost her Thanksgiving food budget to thieves in Brooklyn, NY, despite being in Georgia and using the app's security features.
    • Investigator Insight: Mark Haskins from the USDA Food and Nutrition Service explains that criminals are "taking it to the next level" with cyber and brute force attacks.
    • State Data: Top states for reported fraud include Georgia, New York, and California.
    Relevant Links & Resources:
    • USDA SNAP Replacement of Stolen Benefits Dashboard
    • Report Fraud: USDA Office of Inspector General Hotline [(800) 424-9121]
    • Technical Deep Dive: Security Vulnerabilities and Fraud Mechanics in EBT Systems
    • News Coverage: WSB-TV: Georgia officials say state SNAP system subject to cyberattack
    • Propel App Resource: How are EBT benefits being stolen?
    Keywords: SNAP fraud, EBT skimming, food stamp theft, mobile app security, Approov, ConnectEBT, cybercrime, magnetic stripe vulnerability, USDA, social safety net, financial fraud, IVR bot attacks.

    🎙️ Upwardly Mobile is hosted by Skye Macintyre & George McGregor. 🛡️ Sponsored by Approov: The only comprehensive solution for mobile app and API security. 👉 Subscribe & Review: Upwardly Mobile | Podcast

    This episode includes AI-generated content.
    14 min
  • The Punkt MC03: Can You De-Google Without the Headache?
    Jan 13 2026
    In this episode, we explore the landscape of "privacy-first" smartphones, focusing on the newly unveiled Punkt MC03. We break down whether this Swiss-designed, German-made device can finally offer a viable alternative to the data-harvesting giants of the mobile world. We discuss the trade-offs of leaving the Google ecosystem, the unique "subscription-based" operating system model, and whether the return of the removable battery signals a shift in hardware trends.
    Key Topics & Timestamps:
    • The "De-Googled" Promise: The Punkt MC03 runs AphyOS, a custom version of Android that strips out Google Mobile Services to minimize background tracking and profiling.
    • AphyOS & The Subscription Model: Unlike standard Android phones, the MC03 relies on a subscription model (approx. $10/month after the first year) to fund security updates and infrastructure rather than selling user data to ad networks.
    • Security Architecture: The device splits the user experience into a secure "Vault" for vetted apps (like Proton and Signal) and a "Wild Web" environment for general Android apps, allowing users to isolate risky applications.
    • Hardware Highlights: The phone features a 6.67" OLED screen, IP68 rating, and a 5,200 mAh removable battery—a design choice driven by upcoming EU regulations regarding repairability.
    • Overcoming Past Failures: We discuss how the MC03 improves upon the "difficult-to-recommend" MC02 with a smoother onboarding process, an improved 64MP camera, and the option to install the Play Store for users who can't go fully cold-turkey.
    • The Competition: How the MC03 stacks up against other privacy-focused devices like the Murena Fairphone and other non-GMS ROMs like GrapheneOS.
    Sponsor: This episode is brought to you by Approov. Protect your mobile APIs from scripts, bots, and modified apps. Ensure that the requests you receive are from the genuine mobile app you released.
    • Visit approov.com to learn more about comprehensive mobile app security.
    Relevant Links & Source Materials:
    • ZDNET Review: Want real phone privacy? This $700 handset promises it – Coverage of the US launch, pricing, and removable battery features.
    • Android Police Coverage: Can you de-Google without the headache? – An in-depth look at the onboarding improvements and specs.
    • Punkt Official Site: The MC03 Product Page – Direct specs and philosophy from the manufacturer.
    • Murena / /e/OS: The Murena Fairphone Review – Context on the competitor mentioned in the episode.
    Keywords: Punkt MC03, AphyOS, Non-GMS, De-Google, Mobile Privacy, Data Sovereignty, Removable Battery, Android Security, Fairphone, Murena, Apostrophy OS, Mobile Security.

    Disclaimer: Information regarding pricing ($699 device / $10 monthly sub) and release dates (Spring 2026 for US) is based on reports from ZDNET and Android Police coverage of CES 2026.

    🎙️ Upwardly Mobile is hosted by Skye Macintyre & George McGregor. 🛡️ Sponsored by Approov: The only comprehensive solution for mobile app and API security. 👉 Subscribe & Review: Upwardly Mobile | Podcast

    This episode includes AI-generated content.
    11 min
  • Unmasking "Wonderland" – The New Wave of Android Droppers & SMS Stealers
    Jan 6 2026
    In this episode of Upwardly Mobile, we dive deep into the evolving landscape of Android malware. We break down the emergence of Wonderland (formerly WretchedCat), a sophisticated SMS stealer targeting users in Uzbekistan through legitimate-looking "dropper" applications. We explore how threat actors, specifically the "TrickyWonders" group, are leveraging Telegram and malicious ad campaigns to bypass security checks and hijack devices. We also discuss the broader trend of Malware-as-a-Service (MaaS), including new threats like Cellik, Frogblight, and NexusRoute that are lowering the barrier to entry for cybercriminals globally. From real-time screen streaming to bypassing Google Play protections, we analyze the tactics defining modern mobile security threats.
    Key Topics Discussed:
    • The Rise of Droppers: How malware operators are shifting from "pure" Trojans to "droppers" (like MidnightDat and RoundRift) that appear harmless to evade detection before deploying payloads.
    • Wonderland's Capabilities: How this malware establishes bidirectional communication to intercept OTPs, steal contacts, and execute USSD requests.
    • The MaaS Economy: A look at the "Cellik" RAT, which offers one-click APK building to bundle malware inside legitimate apps, and "Frogblight," which targets users via fake court documents.
    • Government Impersonation: How "NexusRoute" is targeting users in India by mimicking government service portals to steal financial data and UPI PINs.
    • Defense Strategies: The importance of blocking unknown source installations and monitoring for suspicious SMS/USSD patterns.
    Sponsored By: This episode is brought to you by Approov. Stop mobile app abuse and API misuse. Ensure that the requests your API handles are from the genuine mobile app running on a safe mobile device. 👉 Visit our sponsor: https://approov.io
    Relevant Links & Source Materials:
    • The Hacker News: Android Malware Operations Merge Droppers, SMS Theft, and RAT Capabilities at Scale
    • SC Media: Android malware Wonderland evolves with dropper apps targeting Uzbekistan
    • Cypro: Security Analysis of Android Malware Operations
    Keywords: Android Malware, Wonderland, SMS Stealer, Dropper Apps, Mobile Security, Remote Access Trojan (RAT), TrickyWonders, Cybersecurity, One-Time Password (OTP) Theft, Malware-as-a-Service, Approov.

    🎙️ Upwardly Mobile is hosted by Skye Macintyre & George McGregor. 🛡️ Sponsored by Approov: The only comprehensive solution for mobile app and API security. 👉 Subscribe & Review: Upwardly Mobile | Podcast

    This episode includes AI-generated content.
    11 min