News
June 17, 2025
Two announcements in a few days show increasing tension in the Apple and Android ecosystems over mobile app security.
Apple’s semi-closed model reduces the attack surface, but does not eliminate it entirely. Despite rigorous reviews, Apple admits to blocking 10,000 ‘pirate’ apps outside the official store.
Android’s flexibility is a double-edged sword. The ability to install apps from external sources is exploited by Crocodilus to spread via phishing campaigns on social networks.
Attackers target where the money goes. From in-app banking to cryptocurrency, mobile apps have become a fast track for traditional fraud and new forms of social engineering.
At Mobisec, we test and monitor the security of Android and Apple applications for companies in the fintech, retail, telco and PA sectors, among others.
At the heart of our approach to security is DSA (Distributed Security Assessment).
Want to know how exposed your app is?
Contact us to find out more about the Mobisec Console
Assess the current risk. Even if your app is available on the App Store or Google Play, attackers can still find alternative ways to access it. You can monitor them.
Introduce security measures into the development cycle. 30% of Apple's app rejections are due to privacy or permission abuse issues. It is better to find out before submission than after.
Embrace a continuous security approach. Threats evolve faster than release cycles, so a one-off assessment is not enough.
Apple’s statistics show that even apps that appear extremely secure and safe are never fully so. Meanwhile, Crocodilus’ expansion highlights the vulnerability of Android’s open supply chain. Mobile is often the first point of contact with your business; ignoring these signals gives attackers an advantage.
DSA helps you bridge the gap between compliance and real security, protecting your business and your users throughout the mobile app lifecycle.