Tag Archive for: Tests

Google tests a ‘Private Space’ feature on Android phones, allowing secure hiding of apps


Minute Mirror - Subscribe
Minute Mirror - Subscribe

For Android smartphones, Google is actively developing a feature called “Private Space” that will allow users to safely conceal apps. This feature, which is expected in a future Android OS update, allows users to hide files and apps from other users, similar to Samsung’s Secure Folder feature that has been around for six years.

This feature, found in the Security & Privacy settings, enables users to create a protected Android user profile using biometrics or a password/PIN. Mishaal Rahman found this development in the Android 14 QPR2 beta. This feature improves privacy when sharing the device by hiding not just the presence of the app but also its notifications.

To preserve the covert use of the “Private Space” feature, Google is thinking of implementing a search bar trigger to reveal these apps.
The possible inclusion of the feature in Android 15 may indicate that smartphone makers will use it more widely, giving more people access to Samsung’s Secure Folder-like features. Rahman points out that not all features were activated in the most recent beta because it’s still in development.

Source…

iboss Adaptive Private Access for Zero Trust Networks Provides Greater Protection Against Advanced Threats and Malware than Competitors in Independent Laboratory Tests


News Image

At iboss, we are hyper focused on creating technology that makes it easier for organizations to implement a complete Zero Trust Network Architecture to better protect organizations in this modern-day work from anywhere environment

iboss, the leader in cloud-delivered cybersecurity, today announced the results of its third-party efficacy testing for its iboss Zero Trust Adaptive Access for Zero Trust Networks, which was rigorously tested for its malware blocking effectiveness by Miercom, a premier independent testing laboratory. The report concluded that iboss Adaptive Private Access delivered superior malware threat protection and is the only service that provides continuous inspection of Private Access traffic.

The test evaluated iboss’s Adaptive Private Access technology. This cloud native Zero Trust platform protects organizations by ensuring employees or devices accessing sensitive cloud apps are redirected through iboss’s Adaptive Private Access, which acts as a checkpoint that continuously monitors for threats to the protected cloud app. When iboss Adaptive Private Access adaptive identifies a threat, the platform cuts access immediately and automatically, with no human intervention, to prevent infections from spreading and corporate data from being stolen. The test results proved that iboss exceeded the requirements set forth by Miercom, blocking 99.7% of malware, and performed 26% higher in malware blocking effectiveness than the industry average of all platforms tested by Miercom to date.

“At iboss, we are hyper focused on creating technology that makes it easier for organizations to implement a complete Zero Trust Network Architecture to better protect organizations in this modern-day work from anywhere environment,” said Paul Martini, CEO and co-founder of iboss. “This result confirms our commitment to providing the most comprehensive security solution for organizations of all sizes.”

The report concluded that iboss Adaptive Private…

Source…

‘Most web API flaws are missed by standard security tests’ – Corey J Ball on securing a neglected attack vector


API security is a ‘great gateway’ into a pen testing career, advises specialist in the field

Most web API flaws are missed by standard security tests - Corey J Ball on securing a neglected attack vector

INTERVIEW Securing web APIs requires a different approach to classic web application security, as standard tests routinely miss the most common vulnerabilities.

This is the view of API security expert Corey J Ball, who warns that methods that aren’t calibrated to web APIs can result in false-negative findings for pen testers.

After learning his craft in web application penetration testing in 2015 via hacking books, HackTheBox, and VulnHub, Ball further honed his skills on computers running Cold Fusion, WordPress, Apache Tomcat, and other enterprise-focused web applications.

Read more of the latest interviews with industry experts

He subsequentially obtained CEH, CISSP, and OSCP certificates before eventually being offered an opportunity to help lead penetration testing services at public accounting firm Moss Adams, where he still works as lead web app pen tester.

Recently focusing more narrowly on web API security – a largely underserved area – Ball has launched a free online course on the topic and published Hacking APIs: Breaking Web Application Programming Interfaces (No Starch Press, 2022).

In an interview with The Daily Swig, Ball explains how the growing use of web APIs requires a change of perspective on how we secure our applications.

Attractive attack vector

The past few years have seen accelerating adoption of web APIs in various sectors. In 2018, Akamai reported that API calls accounted for 83% of web traffic.

“Businesses realized they no longer need to be generalists that have to develop every aspect of their application (maps, payment processing, communication, authentication, etc),” Ball says. “Instead, they can use web APIs to leverage the work that has been done by third parties and focus on specializing.”

API stands for application programming interface, a set of definitions and protocols for building and integrating application software.

Web APIs, which can be accessed with the HTTP protocol, have spawned API services that monetize their technology, infrastructure, functionality, and data. But APIs have attracted the…

Source…

Facebook tests App Store rules, Apple fights sideloading, Netflix games go global – TechCrunch


Welcome back to This Week in Apps, the weekly TechCrunch series that recaps the latest in mobile OS news, mobile applications and the overall app economy.

The app industry continues to grow, with a record 218 billion downloads and $143 billion in global consumer spend in 2020. Consumers last year also spent 3.5 trillion minutes using apps on Android devices alone. And in the U.S., app usage surged ahead of the time spent watching live TV. Currently, the average American watches 3.7 hours of live TV per day, but now spends four hours per day on their mobile devices.

Apps aren’t just a way to pass idle hours — they’re also a big business. In 2019, mobile-first companies had a combined $544 billion valuation, 6.5x higher than those without a mobile focus. In 2020, investors poured $73 billion in capital into mobile companies — a figure that’s up 27% year-over-year.

This Week in Apps offers a way to keep up with this fast-moving industry in one place with the latest from the world of apps, including news, updates, startup fundings, mergers and acquisitions, and suggestions about new apps and games to try, too.

Do you want This Week in Apps in your inbox every Saturday? Sign up here: techcrunch.com/newsletters

Google Play to allow support for alternative billing systems in South Korea

Following the passage of the so-called “anti-Google law” in South Korea, Google says it will comply with the new mandate by giving Android app developers on Google Play the ability to offer alternative payment systems alongside Google’s own. The legislation represents the first time a government has been able to force app stores to open up to third-party payment systems for in-app purchases — a change that could impact both app stores’ revenues, as developers look to skirt the tech giants’ commissions.

Image Credits: Google

In a blog post this week, Google says developers in South Korea will be able to add an alternative in-app billing system in addition to Google Play’s billing system for their mobile and tablet users in the country. At checkout, users will be able to choose which billing system they want to use for their purchase. Details for developers about how to…

Source…