Circumventing mobile app stores security checks using Hybrid Frameworks and HTML5-fu

Author: Paul Amar

This talk covers a new attack vector regarding app stores: circumventing the security checks performed when an app is published on any app store. Usually, after a mobile application is published, stores run sandbox or manual tests and decide whether the application is legitimate. By using a hybrid framework (such as Cordova), it is possible to update mobile applications without user consent and without notifying app stores.

Language: English

A security engineer doing digital forensics and incident response. Likes developing (mostly in Python and some hipster stuff) and always has a bunch of crazy ideas coming up every day. Spoke at DeepSec and BSides. His latest project, Data Exfiltration Toolkit, was showcased at Black Hat.

Paul Amar