Categories
Uncategorized

Microsoft Has Embraced GitHub. Can GitHub Embrace Obfuscation?

Reading Time: 3 minutes

In its recent GitHub $7.5B acquisition announcement, Microsoft promised to “bring its developer tools and services to new audiences.” “New audiences” in this context mean, quite literally, GitHub’s 28 million developer users. As the “largest open source community in the world,” GitHub audiences will most surely also mean new requirements, new priorities, and new expectations – but these will also come with old biases. And there is no better example of open source bias than code obfuscation. 

Categories
Dotfuscator CE

Xamarin and Dotfuscator: Do you believe in magic?

Reading Time: 5 minutes

I am not a superstitious person and I don’t believe in magic, but even still – I have to confess that the way Xamarin spits out Android and iOS apps (along with all the other platforms) feels kind of magical to me. Of course, when something breaks, I am reminded all too quickly that there is no magic happening here – Xamarin has just encapsulated a lot of complex steps into a neat and tidy black box.

Categories
Dotfuscator CE

Root detection: Xamarin apps stop hackers before they can begin

Reading Time: 3 minutes

How important is root detection?

Categories
Risk Management

An app hardening use case: Filling the PCI prescription for preventing privilege escalation in mobile apps

Reading Time: 2 minutes

Preventing Privilege Escalation in mobile payment apps (PCI Mobile Payment Acceptance Security Guidelines Section 4.3)

Regulators, standards bodies and IT auditors have become increasingly likely to recommend an absolute prohibition of rooted Android devices in production environments. As the 2017 PCI Mobile Payment Acceptance Security Guidelines state, “Bypassing permissions can allow untrusted security decisions to be made, thus increasing the number of possible attack vectors.”

Categories
Risk Management

Encryption’s unfortunate, unavoidable, and unfix-able gap – and how to fill it

Reading Time: 5 minutes

When perimeters are breached, identities stolen and malware launched, encryption stands as information’s last line of defense. Without effective encryption policies, you will first be victimized and then held liable (punished) by every information stakeholder (customers, partners, investors, regulators, the courts, etc.).

Categories
Dotfuscator

Dotfuscator Professional 4.31 is Available Now

Reading Time: < 1 minute

We have just released Dotfuscator Professional 4.31 and it’s available for immediate download (both for clients and as a free evaluation).

Categories
Risk Management

GDPR liability: software development and the new law

Reading Time: 3 minutes

The GDPR is comprehensive; its impact is far reaching, and the penalties for infringement are severe (up to €20 million or 4% of global annual revenue, whichever is higher).

In short, no impacted business can afford to ignore The GDPR. As the May 2018 deadline looms, organizations find themselves scrambling to be “GDPR ready” – but what exactly does that mean?

Categories
Risk Management

App dev & the GDPR: three tenets for effective compliance

Reading Time: 3 minutes

According to the official EU GDPR website, http://www.eugdpr.org, “The EU General Data Protection Regulation (GDPR) is the most important change in data privacy regulation in 20 years.”

Categories
Dotfuscator

Another Application Vulnerability for Which There is No Fix

Reading Time: 2 minutes

Garbage in, garbage out is shorthand for “incorrect or poor quality data will always produce faulty results.”

The “garbage data” vulnerability is especially gnarly in that there is actually no fix – no cure.

Categories
DashO

DashO Root Detection & Defense is one Check that will not bounce!

Reading Time: 3 minutes

I’m delighted to report that PreEmptive Solutions released DashO 8.2 for Java and Android earlier this week. Like most of our releases, it has a lot packed into it including:

  • Android-O support,
  • Kotlin support,
  • Improvements to our Android Wizard, and
  • Build performance improvements.