Mobile Security

iOS/Android security, mobile threats, app security, and device management.

Overview

Mobile security protects devices and data on mobile platforms.

Mobile Threats

| Threat | Platform | Impact |
|---|---|---|
| Malware | Android | Data theft |
| Phishing | Both | Credential theft |
| Network attacks | Both | Data interception |
| Physical theft | Both | Device compromise |
| Jailbreak/Root | Both | Security bypass |

iOS Security

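import Foundation
import Security
import LocalAuthentication

// Keychain storage
let password = "secret".data(using: .utf8)!
let query: [String: Any] = [
    kSecClass as String: kSecClassGenericPassword,
    kSecAttrAccount as String: "username",
    kSecValueData as String: password
]

// SecItemAdd returns an OSStatus; check it instead of discarding it
// (errSecDuplicateItem means an item for this account already exists)
let status = SecItemAdd(query as CFDictionary, nil)
if status != errSecSuccess {
    print("Keychain write failed with status \(status)")
}

// Biometric authentication
let context = LAContext()
var error: NSError?

if context.canEvaluatePolicy(.deviceOwnerAuthenticationWithBiometrics, error: &error) {
    context.evaluatePolicy(.deviceOwnerAuthenticationWithBiometrics,
                           localizedReason: "Authenticate") { success, error in
        // Handle result. The reply block does not run on the main thread,
        // so dispatch to the main queue before updating the UI.
    }
} else {
    // Biometrics unavailable or not enrolled; `error` holds the reason
}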

Android Security

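import androidx.biometric.BiometricPrompt
import androidx.core.content.ContextCompat
import androidx.security.crypto.EncryptedSharedPreferences
import androidx.security.crypto.MasterKey

// EncryptedSharedPreferences
val masterKey = MasterKey.Builder(context)
    .setKeyScheme(MasterKey.KeyScheme.AES256_GCM)
    .build()

val sharedPreferences = EncryptedSharedPreferences.create(
    context,
    "secret_prefs",
    masterKey,
    EncryptedSharedPreferences.PrefKeyEncryptionScheme.AES256_SIV,
    EncryptedSharedPreferences.PrefValueEncryptionScheme.AES256_GCM
)

// Biometric authentication (called from a FragmentActivity or Fragment)
val executor = ContextCompat.getMainExecutor(this)
val biometricPrompt = BiometricPrompt(this, executor,
    object : BiometricPrompt.AuthenticationCallback() {
        override fun onAuthenticationSucceeded(result: BiometricPrompt.AuthenticationResult) {
            // Handle success
        }

        override fun onAuthenticationError(errorCode: Int, errString: CharSequence) {
            // Handle error or user cancellation
        }
    })

// The prompt is only shown once authenticate() is called with a PromptInfo
val promptInfo = BiometricPrompt.PromptInfo.Builder()
    .setTitle("Authenticate")
    .setNegativeButtonText("Cancel")
    .build()
biometricPrompt.authenticate(promptInfo)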

App Security Best Practices

  1. Code obfuscation — ProGuard, RASP
  2. Certificate pinning — Prevent MITM
  3. Secure storage — Keychain, Keystore
  4. Input validation — Prevent injection
  5. Root/Jailbreak detection — Security checks

Mobile Device Management

# MDM Policy
mobile_policy:
  passcode:
    min_length: 6
    require_alphanumeric: true
    max_failed_attempts: 10
  encryption: required
  backup: enabled
  allowed_apps:
    - com.company.app
  blocked_apps:
    - com.torrent.*

Network Security

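# TLS context with CA and hostname verification.
# This is the baseline that certificate pinning builds on: by itself it
# accepts any certificate that chains to a CA in the trust store.
import ssl
import certifi

context = ssl.create_default_context()
context.load_verify_locations(certifi.where())
# create_default_context() already sets both of these; kept explicit
context.check_hostname = True
context.verify_mode = ssl.CERT_REQUIRED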
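
Pinning adds a comparison of the server's certificate against known values on top of CA and hostname validation. The following is an added example, not code from the original lesson: it pins the SHA-256 fingerprint of the leaf certificate, and the function names, sample byte strings and pin set are assumptions constructed for illustration.

```python
import hashlib
import hmac
import socket
import ssl


def cert_fingerprint(der_cert: bytes) -> str:
    """SHA-256 over the DER-encoded certificate, as lowercase hex."""
    return hashlib.sha256(der_cert).hexdigest()


def is_pinned(der_cert: bytes, pins) -> bool:
    """True if the certificate fingerprint matches any configured pin."""
    actual = cert_fingerprint(der_cert)
    # Pins are often pasted in upper case; normalise before comparing.
    return any(hmac.compare_digest(actual, pin.lower()) for pin in pins)


def open_pinned(host: str, pins, port: int = 443, cafile=None) -> ssl.SSLSocket:
    """Connect with normal CA + hostname checks, then enforce the pin.

    cafile=None uses the system trust store; pass certifi.where() to use
    the certifi bundle instead.
    """
    ctx = ssl.create_default_context(cafile=cafile)
    raw = socket.create_connection((host, port), timeout=10)
    try:
        tls = ctx.wrap_socket(raw, server_hostname=host)
    except Exception:
        raw.close()
        raise
    der = tls.getpeercert(binary_form=True)
    if der is None or not is_pinned(der, pins):
        tls.close()
        # Fail closed: a CA-valid certificate that is not pinned is rejected.
        raise ssl.SSLError(f"certificate for {host} does not match any pin")
    return tls


# Constructed sample bytes standing in for DER certificates (not real certs).
CURRENT_CERT = b"constructed-der-current-leaf"
BACKUP_CERT = b"constructed-der-backup-leaf"
OTHER_CA_CERT = b"constructed-der-valid-but-unpinned"

# Ship at least two pins so the certificate can be rotated without an app update.
PINS = {cert_fingerprint(CURRENT_CERT), cert_fingerprint(BACKUP_CERT).upper()}
```

Pinning the whole leaf certificate means the pin set must be updated whenever the certificate is reissued, which is why a backup pin is included.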

Practice

Implement secure storage and biometric authentication in a mobile app.
