Skip to main content

Posts

Showing posts from February, 2018

So how do you steal credential in memory in mobile?

It's not a technical question, it's a question when a few people argue (devil's advocate) that even if their app has an issue of storing the 'Login Credentials' in memory, what's the risk? Their arguments are:

They have jailbreak/ root detection implemented. So the app cannot be installed on a rooted device.>>Counter argument: The JB/ root detection are completely by-passable as they are client side protections. Scenarios, a user can intentionally/ unintentionally bypass this check and install at his own device to enjoy banking and other apps also, which require a root. Second scenario, a security researcher can do the same thing to do a research and learn how this app works. If this app belongs to a reputed firm and he/ she makes this finding public, it would be reputation loss.If you try to root the device which has the app already installed, the device will reboot and in this order kills the app's process and consequently clears the memory which ho…