
Upwardly Mobile - API & App Security News

By: Approov Limited

About this listen

Dive into the high-stakes world of mobile app development and API security with Upwardly Mobile, your ultimate guide to defending apps in today’s volatile digital landscape. Hosted by Skye Macintyre and George McGregor, and proudly sponsored by Approov, the gold standard in mobile app attestation and API security. This podcast unpacks the evolving AI-enabled threats and innovative solutions shaping mobile cybersecurity. Explore why the built-in protection from Apple, Google, Samsung and Huawei often falls short, leaving sensitive data vulnerable. Learn how advanced techniques—like runtime attestation and dynamic API security—thwart attackers and secure your app ecosystem. Each episode delivers insights into major data breaches, emerging trends, and actionable strategies to fortify your apps and APIs against ever-advancing cyber threats. From development best practices to navigating compliance and regulation, Upwardly Mobile equips iOS, Android and HarmonyOS mobile developers, security professionals, and tech enthusiasts with the knowledge to safeguard their creations. Stay informed, stay secure, and stay ahead with expert guidance on the future of mobile cybersecurity. Subscribe now on Spotify and Apple Podcasts, and elevate your security game!
2025 Approov Limited
Episodes
  • Apple's EU App Store Overhaul | Fees, Fines, and the Fight for DMA Compliance
    Jun 28 2025
    Unpacking Apple's EU App Store Overhaul: Fees, Fines, and the Fight for DMA Compliance

    Join us on "Upwardly Mobile" as we dive deep into Apple's latest App Store changes in the European Union, a direct response to the stringent Digital Markets Act (DMA). Faced with a hefty €500 million (about $570 million) penalty from the EU for "anti-steering" practices, Apple has introduced a complex new fee structure that's shaking up the mobile app ecosystem.

    What You'll Learn in This Episode:
    • The New Tier System for Store Services Fees: Discover how Apple's new two-tier system impacts developers. Tier 1 offers basic App Store features for a 5 percent commission, while Tier 2 provides full access at a 13 percent commission. We'll discuss what features are missing from the cheaper tier, including automatic app updates and promotional tools.
    • Introducing the Core Technology Commission (CTC): Understand Apple's new 5 percent commission on outside purchases made in apps distributed on the App Store. This fee is set to transition from the previous Core Technology Fee (CTF) by January 1, 2026, becoming a "single business model" for EU developers and applying to digital goods and services sold across the App Store and alternative marketplaces. The EU has previously ruled that the CTF was not "necessary and proportionate".
    • The DMA's Impact and Anti-Steering Rules: We break down how the DMA forced Apple to allow developers more choices in app distribution and promotion, specifically ending prohibitions on "steering" users to cheaper alternatives outside the App Store. This comes after a US court order, stemming from the Epic Games lawsuit, also prevented Apple from taking commission on purchases made outside the App Store in the US.
    • The "Malicious Compliance" Debate: We explore the significant criticism Apple faces for its DMA compliance, with many, including Epic Games CEO Tim Sweeney and Spotify, accusing them of "malicious compliance"—adhering to the letter but not the spirit of the law. Critics argue Apple's changes still create barriers to competition.
    • Apple's Defense and Ongoing Scrutiny: Despite the criticism and fines, Apple maintains it has taken significant steps to open its ecosystem and is appealing the EU's penalty. The European Commission is currently assessing these new changes to determine if they are fully compliant with the DMA.
    Don't miss this essential episode to understand the shifting landscape of app development and distribution in Europe!

    Reading & Resources:
    • Apple overhauls EU App Store rules following penalty (Link to The Verge article)
    • Apple reveals complex system of App Store fees to avoid EU fine of 500 million euro (Link to CNBC article)
    • Updates for apps in the European Union (Link to Apple Developer news)
    • Apple's DMA developer support page and Compliance Report (Link to Apple's official DMA info)
    • Alternative Terms Addendum for Apps in the EU and StoreKit External Purchase Link Entitlement Addendum for EU Apps (Links to Apple's legal terms)
    Sponsor Message: This episode of "Upwardly Mobile" is brought to you by Approov. In a world of evolving mobile threats, Approov provides advanced mobile app shielding and API protection to keep your apps and APIs secure from bots and malicious attacks. Ensure your mobile transactions are safe and sound. Learn more at www.approov.io.
    16 mins
  • Why the Open App Markets Act Matters?
    Jun 25 2025
    Why the Open App Markets Act Matters
    Episode Notes:
    Join us on "Upwardly Mobile" as we delve into the critical issue of how Apple and Google's dominant control over the mobile app ecosystem is stifling innovation in mobile app security and potentially increasing long-term consumer cyber risk. While both companies, especially Apple, are currently seen as doing a "reasonable job" with cybersecurity within their closed environments, experts warn that this "monoculture protection" is not sustainable against evolving threats from nation-states, criminal groups, and AI.

    The Problem with App Store Monopolies: The core argument is that monopolistic behavior naturally suppresses innovation because there's little fear of competition. This has led to a situation where innovative mobile app security startups are struggling to achieve the growth and valuations seen in other cybersecurity sectors like cloud and API security, despite the central role mobile apps play in our daily lives. This concentration of security responsibility with just two companies puts all our "defensive eggs into one basket". A prime example is Google Mobile Services (GMS), which maintains a strong hold on Android mobile apps, making it difficult for external security vendors to compete effectively. The sources highlight that Apple and Google's solutions are specific to their closed ecosystems, lacking incentive for crucial cross-platform security initiatives.

    The Solution: The Open App Markets Act (OAMA)
    The bipartisan Open App Markets Act was introduced by U.S. Senators Marsha Blackburn, Richard Blumenthal, Mike Lee, Amy Klobuchar, and Dick Durbin to address these concerns. This landmark legislation aims to set fair, clear, and enforceable rules to promote competition and strengthen consumer protections within the app market by curtailing Apple and Google's "gatekeeper control".

    Key Provisions of OAMA:
    • Protecting Developer Rights: Developers would be empowered to inform consumers about lower prices and offer competitive pricing outside the app stores, without fear of penalty from Apple or Google.
    • Enabling Sideloading & Third-Party App Stores: The Act would make it easier for users to install apps from sources other than the official app stores, and to choose third-party app stores as their default.
    • Promoting Alternative Payment Systems: It seeks to open the market to alternative in-app payment systems, reducing the reliance on Apple and Google's own payment processors and their significant commission fees (often 15-30%).
    • Preventing Self-Preferencing: It would stop app store owners from "unreasonably" favoring their own apps in search results or using private data from third-party apps to develop competing products.
    • Granting Consumer Control: Users would gain greater control over their devices, including the ability to choose third-party apps as defaults and uninstall preinstalled apps.
    • Security & Privacy Safeguards: The bill includes provisions allowing app stores to take actions "necessary to achieve user privacy, security, or digital safety," provided these actions are applied consistently and are narrowly tailored.

    Support & Criticisms: The Open App Markets Act has garnered strong support from numerous technology and consumer groups, including Spotify, Epic Games, the American Economic Liberties Project, and the Coalition for App Fairness, all advocating for a fairer, more competitive marketplace. They argue it will lead to lower prices, more innovation, and increased consumer choice. However, Apple and Google are predictably opposed, raising concerns about potential security risks associated with opening up their platforms to sideloading and alternative app stores. There are also ongoing debates about whether the bill could inadvertently affect content moderation by potentially penalizing companies for exercising editorial judgment.

    Recommendations for Moving Forward: Beyond legislation, the authors of "Apple and Google are Suppressing Innovation in Mobile App Security" offer concrete recommendations for Apple and Google to foster a healthier mobile app security ecosystem:
    • Facilitate Third-Party Security Vendors: Open their ecosystems to third-party mobile app security solutions through certification and partnership models.
    • Incentivize Developers: Financially reward developers who invest in robust security measures, potentially through reduced commission rates.
    • Adopt Open Standards: Transition to widely recognized open standards for mobile app security evaluation, such as those developed by OWASP, and extend this to mobile payment systems.
    These steps are crucial to ensure that the rapid evolution of cyber threats is met with equally rapid and diverse innovation, protecting consumers and society at large from future mobile app breaches.

    Sponsor: This episode is brought to you by Approov. Learn more about their cutting-edge mobile app and API shielding security solutions at www.approov.io.
    Keywords: Mobile app security, Apple App Store, Google Play Store, ...
    16 mins
  • The 16 Billion Credential Crisis: Blueprint for Mass Exploitation
    Jun 25 2025
    The 16 Billion Password Leak: Securing Your Digital Footprint
    Episode Notes:
    In this crucial episode of "Upwardly Mobile," we delve into the recent confirmation of what researchers believe is the largest password leak in history, exposing an astounding 16 billion login credentials [1-4]. This "mother of all leaks" involves a vast number of compromised records, with researchers discovering "30 exposed datasets containing from tens of millions to over 3.5 billion records each" [3, 4].

    Understanding the Massive Breach:
    • Scope of Compromise: The leaked data includes billions of login credentials from social media, VPNs, developer portals, and user accounts for major vendors like Apple, Facebook, and Google, as well as GitHub, Telegram, and various government services [4-8].
    • Nature of the Data: Researchers have stated that the information contained is "fresh, weaponizable intelligence at scale" and not merely recycled old breaches [6, 9]. It often includes a URL, login details, and a password, opening the door to "pretty much any online service imaginable" [6, 7].
    • Cause of the Leak: While the 16-billion-strong leak is primarily attributed to multiple infostealers [2, 10], experts also highlight how easily sensitive data can be unintentionally exposed online, such as in misconfigured cloud environments [11, 12].
    • Clarification on Company Breaches: Cybersecurity researcher Bob Diachenko clarified that there was "no centralized data breach at any of these companies" like Apple, Facebook, or Google. Instead, the credentials were found in infostealer logs containing login URLs to their pages, making password reuse across services a significant risk [13].
    • The Danger: This leak is described as "a blueprint for mass exploitation" and "ground zero for phishing attacks and account takeover" [6, 7, 9]. Stolen passwords are readily available on the dark web for purchase by malicious actors, leading to identity theft, fraud, and blackmail [8, 14-16].

    Essential Steps to Protect Your Digital Life:
    • Change Passwords: It is highly recommended to change your account passwords, especially if you have ever reused any credentials across more than one service [17, 18].
    • Embrace Passkeys: Transitioning to passkeys wherever possible is crucial. Passkeys are significantly more secure than traditional passwords, often leveraging factors like face or fingerprint recognition, and are gaining adoption by major tech companies like Apple, Facebook, and Google [1, 14, 17, 19].
    • Use Password Managers: Invest in and utilize password management solutions to generate and securely store unique, strong passwords for all your online accounts [17, 20, 21].
    • Implement Multi-Factor Authentication (MFA): Enable MFA on all your accounts as an additional layer of security beyond just a password [21, 22].
    • Utilize Dark Web Monitoring Tools: These tools can alert you if your passwords have been exposed online, enabling you to take immediate action [20, 21].
    • Avoid Password Reuse: This is a critical security practice; never use the same password across multiple websites. If one account is compromised, attackers can gain access to others where the password has been reused [18, 23].

    How Organizations Can Strengthen Their Defenses:
    This episode is proudly brought to you by Approov, a key player in API security, providing robust protection against threats stemming from compromised credentials [24]. Approov enhances security by establishing a layered model that makes compromised credentials insufficient for attackers to access protected APIs [25]:
    • App Instance Authentication: Approov verifies that only genuine, untampered versions of your mobile app can communicate with your backend APIs [24].
    • Defense Against Credential Stuffing: Attacks relying on stolen credentials are thwarted unless the request originates from a validated app environment [26].
    • Mitigating Bot and Script Attacks: Traffic from automated login attempts using breached credentials is detected and prevented [26].
    • API Key and Secrets Protection: Secrets like API keys are delivered at runtime only to verified apps, ensuring they are never hardcoded or exposed in the app binary [27].
    • Short-Lived Tokens and Pinning: Approov uses short-lived JWT tokens and TLS certificate pinning to secure data in transit and prevent Man-in-the-Middle (MitM) attacks [27].
    • Granular Security Policies: Security policies can be dynamically updated to revoke access for specific devices or app versions, allowing immediate response to suspected compromises without needing an app update [25].
    Approov empowers organizations to "limit risk by ensuring access to sensitive systems is always authenticated, authorized and logged," regardless of where the data resides [20]. Discover more about their solutions at approov.io.

    The Debate on Shared Responsibility:
    The massive leak underscores that cybersecurity is a shared responsibility [12, 21...
    15 mins
