The Stack Overflow Podcast If an attacker can edit your mobile code, how do you defend your app?
Jun 4, 2025
Jan Sierodinski, a security engineer and pentester at GuardSquare, discusses critical vulnerabilities in mobile application security. He explores the pressing risks of editable mobile code and identity verification, illustrated by real-world examples like a food delivery app's security breach. The conversation dives into advanced strategies for defending against binary-level code attacks, including obfuscation techniques and encryption. Sierodinski also highlights the evolving role of AI in code analysis and the importance of adapting security practices in today's landscape.
AI Snips
Chapters
Transcript
Episode notes
Face Verification Bypass Story
- Hackers created a modded app to bypass face verification for illegal workers by replaying video recordings as live camera feed.
- This tactic also threatens banking, government, and betting apps using identity verification.
Banking App Repackaging Scam
- Attackers repackage banking apps with injected accessibility services that log everything typed on the screen.
- They then distribute these mods via phishing campaigns to steal sensitive user data.
How Attackers Analyze Apps
- Begin attacks by reverse engineering the app with tools to understand its flow and code.
- Then create proof-of-concept exploits and patch the binary to bypass protections like license checks.