by dekimir
2882 days ago
Is there a good writeup somewhere on how the phone apps you mentioned prevent tampering? I'd be super-interested in reading it. Alternatively, are you available for consulting on the topic? I couldn't find any contact info in your profile. :(

Starbucks app security is a good starter, and it's easy to implement their strategies in an existing app. If you add in iOS version checking, you can help mitigate the risk of getting attacked by a jailbroken device on an older version of iOS.
https://blog.tendigi.com/starbucks-should-really-make-their-...
Skype is probably best in terms of securing the app from prying eyes and modification. Here's a good read on how they protected the app and the reverse engineering effort needed to crack it. http://www.oklabs.net/skype-reverse-engineering-genesis/
I threw my LinkedIn profile into my Hacker News profile. Feel free to add me. I just listed stuff protecting the app; there are additional strategies to secure the API, including low-level packet inspection to detect proxies by looking at attributes like TCP timestamp or window size scale. Proxy-based attacks are the most common when it comes to financial fraud, as the hackers aren't US-based but need a residential US IP to avoid detection and IP ACLs.
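
The TCP attributes named in the comment above (timestamp, window scale) travel as options in the SYN segment. The following is an added example, not part of the original thread: it parses those options from a raw TCP header and flags differences from the profile a server expects for the platform the app reports. The function names, the sample header and the profile values are constructed for illustration.

```python
import struct

# Constructed SYN header (not captured traffic): MSS 1460, NOP, window scale 6,
# NOP, NOP, timestamps (TSval 12345), SACK-permitted, EOL padding.
SAMPLE_SYN = bytes.fromhex(
    "c35001bb0000000000000000b002ffff00000000"
    "020405b4010303060101080a0000303900000000" "04020000")

def parse_syn_options(tcp: bytes) -> dict:
    """Pull the window, MSS, window scale and TSval out of a raw TCP header."""
    if len(tcp) < 20:
        raise ValueError("truncated TCP header")
    hdr_len = (tcp[12] >> 4) * 4          # data offset is in 32-bit words
    if hdr_len < 20 or hdr_len > len(tcp):
        raise ValueError("bad data offset")
    feats = {"window": struct.unpack("!H", tcp[14:16])[0],
             "mss": None, "wscale": None, "tsval": None, "order": []}
    opts, i = tcp[20:hdr_len], 0
    while i < len(opts) and opts[i] != 0:  # kind 0 = end of option list
        kind = opts[i]
        if kind == 1:                      # NOP is a single byte, no length
            feats["order"].append(kind)
            i += 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2 or i + opts[i + 1] > len(opts):
            raise ValueError("malformed TCP option")
        length = opts[i + 1]
        body = opts[i + 2:i + length]
        feats["order"].append(kind)
        if kind == 2 and length == 4:      # maximum segment size
            feats["mss"] = struct.unpack("!H", body)[0]
        elif kind == 3 and length == 3:    # window scale shift count
            feats["wscale"] = body[0]
        elif kind == 8 and length == 10:   # timestamps: TSval, then TSecr
            feats["tsval"] = struct.unpack("!I", body[:4])[0]
        i += length
    return feats

def mismatches(feats: dict, profile: dict) -> list:
    """Names of features that differ from the profile expected for the client."""
    out = []
    if feats["wscale"] != profile["wscale"]:
        out.append("wscale")
    if (feats["tsval"] is not None) != profile["timestamps"]:
        out.append("timestamps")
    return out
```

A mismatch is a signal to weigh with other evidence rather than proof of a proxy, since NAT devices and middleboxes can also rewrite these options.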