Category: APPS

APP Shielding

When developers create a new APP and it becomes popular – there are hackers who want to get into the APP for one of several reasons

  1. The intellectual challenge of seeing how it works
  2. To understand how it works so they can create viruses or other malware that can attack it
  3. To find out if they can hijack the APP to do their bidding

An intellectual challenge isn’t threatening to others but the other reasons are criminal and it does happen that even APPS on APPLE and Android Pplay stores can be cheated by hackers and in some cases there has been a major loss of money and reputation as these problems come to light.

To prevent hackers getting into their APP, developers can use various coding techniques (called APP shielding), usually classified as

  1. Obfuscation and
  2. Integrity checks

APP shielding is important in many cases and especially with financial APPS.

App shielding is designed to prevent attackers from modifying your app during runtime or at rest, to protect your app’s memory, make app repackaging extremely complex, and provide additional protection against mobile malware.

What Can APP Shielding Do?

  • Prevents and effectively stops the most common types of cyber attacks on mobile apps.
  • Stop Mobile Malware
  • Advanced obfuscation and integrity checks prevents the APP being reverse-engineered which can lead to it being repackaged and released on the app marketplace under a new name.
  • Protect User Data
  • Stop untrusted keyboards, malicious screen readers or screen recorders from stealing the sensitive data, as well as the data leakage via user or system screenshots.

Recent research shows that :-

  • Of 1.7 million apps on the Google Play store, only 24.5% had any Code Protection.
  • 86% of Malware is delivered through APPS that have been re-packaged.

These numbers are of concern as we trust downloads from Google Play store and APPLE but maybe we shouldn’t be so trusting.

Increasingly, developers tool kits will contain code for implementing APP shielding, so it should become common practice for APP developers.

If you have any experience with APP shielding, do let me know, by email.

Fightback Ninja Signature

The Tik Tok APP

Tik Tok is a social media app that gives users the opportunity to share 60 second short videos with friends, family or the entire world. The videos shared typically range from funny sketches to lip-sync videos featuring special effects to voices over extracts from films

The APP has more than 150 million active users and it is controversial because of the number of teenagers and children who use it.

The minimum age according to TikTok’s terms and conditions is 13, but Tik Tok does not verify a new user’s age except by asking for birth date.

When you download the app, you can instantly see the videos that others have posted on the channel but are not able to share or post anything until you have set up your own account. This is typical with social media.

The Problems

  • Some of the videosinclude bad language or subject matter unsuited for children. However, there is a setting to block inappropriate content
  • Because the site is used by children and includes videos, it may attract predatory adults

What should parents be concerned about?

You can set up an account on Tik Tpk by using your existing Google, Facebook or Instagram account.

By default all accounts are public so anyone on the app can see what your child shares. However, only approved followers can send them messages.

Users can like or react to a video, follow an account or send messages to each other. There is the risk that strangers will be able to directly contact children on the app.

Children may be tempted to take risks to get more of a following or likes on a video so it’s important to talk about what they share and with who.

You can set an account to be private so that all videos can only be seen by the creator and no one else on the platform. With a private account, you can approve or deny users and limit incoming messages to followers only.

Please note that even with a private account, your child’s profile photo, username, and bio are still visible to all users on the platform.

You can manage who can comment  and direct message your child on the APP

Do leave a comment on this post – click on the post title then scroll down to leave your comment.

Fightback Ninja Signature

Disney Lawsuit Over Children’s Information

Amanda Rushing is suing The Walt Disney Company, Disney Electronic Content in a class action filed in California federal court.

She claims Disney is collecting personal information of children and tracking online behaviour and this is contrary to the law.

App developers can track children’s behaviour while they play online games with their mobile devices by obtaining critical pieces of data from the mobile devices, including ‘persistent identifiers,’ typically a unique number linked to a specific mobile device. . These persistent identifiers allow APP creators  to detect a child’s activity across multiple APPS and platforms on the internet and across different devices. This information is then sold to various third-parties who sell targeted online advertising.

The lawyer says that this is exactly the kind of practice the Children’s Online Privacy Protection Act was enacted to prevent. Under COPPA, app developers and any third-parties working with them can’t legally collect personal information about children who are under the age of 13 without verifiable consent from their parents.

“Disney has failed to safeguard children’s personal information and ensure that third-parties’ collection of data from children is lawful”.

Rushing says her daughter was tracked while using the princess pets app, but the suit claims dozens of other games also track their users, including Club Penguin Island, Star Wars: Puzzle Droids, Frozen Free Fall and Disney Emoji Blitz.

Disney says that they have a robust COPPA compliance program, and maintain strict data collection and use policies for Disney apps created for children and families.

As it turns out, Disney had consulted with three partners to insert advertising-specific software into Disney Princess Palace Pets and some of its other applications. This gathers pieces of data and help advertisers detect a user’s activity via persistent identifiers. These persistent identifiers to track someone across multiple devices and apps with the intention of serving targeted ads.

Given this track record, parents and children might want to think carefully about downloading any of Disney’s apps. – stick to watching the movies instead.

Do enter your email address and click on the subscribe button on top right to keep up to date with new posts.