Our DevSec blog is dedicated to the topics, best practices and cybersecurity research needed by mobile developers (DEV) and cybersecurity (SEC) teams in the modern mobile DevOps pipeline.
In this DevSec blog we’ll share our research and best practices in securing Android & iOS apps. Our goal is to help mobile developers and cyber security teams stay ahead of mobile app hackers, attackers, pass mobile application penetration tests, and make mobile DevSecOps compliance easy.
Subscribe today. We’d love to have you join our community!
Banking Trojans are no longer just malware—they’re the engine behind today’s most dangerous, AI-driven mobile fraud campaigns. In 2025, mobile Trojans are responsible for more account takeovers, financial losses,…
In 2025, deepfakes have gone mobile—and brands with consumer-facing apps are on the front lines. From fake video support agents impersonating bank employees to synthetic voice bots authorizing fraudulent…
Mobile apps may be global, but not all users—or locations—should be treated the same. From regulatory enforcement to fraud control, user geography plays a vital role in mobile risk…
Social engineering has become one of the most dangerous and effective attack methods in mobile apps. Unlike traditional attacks that exploit code or infrastructure, social engineering targets people—using deception,…
Just two years ago, most mobile businesses focused on basic data protection threats—like jailbreak and root detection. That was the extent of the conversation. Today, the threat landscape has…
When we think of digital pipelines, we often think of developers, not defenders. However, in the age of AI, threats are evolving much faster than ever. Now more than…
Summary:
Apple’s AirPlay protocol, recently found to have 23 critical vulnerabilities, is putting enterprise environments at risk in ways few companies are prepared to handle. While Apple’s patching efforts are…
A recent Cybernews investigation revealed that over 71% of iOS apps leak hardcoded secrets, exposing mobile users and businesses to significant security risks. These embedded credentials – API keys,…
Every mobile business faces five universal threats that can disrupt operations, erode revenue, and damage user trust: fraud, scams, bots, account takeovers (ATOs), and security/compliance failures. These threats…
This week at RSA, Appdome won several awards, including Best AI Platform for Cyber Resilience. I want to take this opportunity to explain why this one award is a significant…
In this blog, we’ll explore why turning the WAF into a fraud-fighting powerhouse by analyzing deep session risk on every API connection request can revolutionize your ATO defense strategy.
Web Application Firewalls…
AI Has Changed the Attack Landscape Forever
Mobile apps today are under siege from a new wave of highly sophisticated attacks. Deepfakes, automated account takeovers (ATOs), AI-generated synthetic users,…
Have a Security Project?
We Can Help!
