Bilal Harras

Digital Marketer

Bilal is a digital marketer at Ostorlab, specializing in cybersecurity content, digital strategy, and brand growth. He works on making complex security topics more accessible through clear, credible, and engaging content for both technical and business audiences. By combining strategic communication with valuable content, Bilal contributes to Ostorlab's growth and helps strengthen its brand presence in the cybersecurity space. He believes that valuable content is essential to building a strong and trusted brand.

Articles by Bilal Harras

A deep dive into Android intent redirection vulnerabilities, showing how exported “proxy” components can be abused to launch protected components, leak data via setResult(), steal content via URI grants, and hijack flows. Covers common misuse patterns and layered mitigations including validation, allowlists, IntentSanitizer, stripping dangerous flags, immutable PendingIntents, and reducing exported components.

Product

Introducing HarmonyOS App Scans + Huawei AppGallery Scans

Find a vulnerability scanner for HarmonyOS apps and Huawei AppGallery releases: Ostorlab adds aut...

Mon 20 April 2026

Security

Mobile AppSec Testing Best Practices for High-Tech Teams Shipping at Scale

A technical guide to mobile application security testing best practices for high-tech teams shipp...

Thu 16 April 2026

Security

DORA Third‑Party Risk for Mobile AppSec: SDK Governance and Audit‑Ready Evidence Packs

A deep dive into DORA-focused third‑party risk for mobile AppSec, showing why embedded SDKs and r...

Tue 14 April 2026

Ostorlab now integrates with Bitrise to run automated mobile application security scans inside CI workflows. Using a Bitrise Secret plus a simple Script step, teams can install the Ostorlab CLI and run ostorlab ci-scan run against the same build artifacts produced by the pipeline (e.g., Android APK, Android AAB, or iOS IPA). The integration helps shift security left by shortening feedback loops and catching vulnerabilities earlier, with options to tailor scans via profiles (fast, full, agentic deep scan) and optional inputs like test credentials, SBOM, and UI prompts.

A mobile-first guide to DORA compliance for BFSI teams. Learn how to define your scope, simplify your release process, and avoid the traps that create unnecessary compliance work.

Latest posts

DORA Compliance for Mobile Releases: The easiest baseline, verdict, and exceptions model

A mobile-first guide to DORA regulation and DORA compliance for BFSI teams. Learn how to define your scope, simplify your release process, and avoid the traps that create unnecessary compliance work.

Tue 10 March 2026

DORA Compliance for Mobile Teams: Understanding scope and what you need to do

A mobile-first guide to DORA regulation and DORA compliance for BFSI teams. Learn how to define your scope, simplify your release process, and avoid the traps that create unnecessary compliance work.

Tue 03 March 2026

Top Mobile App Security Testing Platforms 2026

Navigate the market for the Top Mobile App Security Testing Platforms 2026 by focusing on the criteria that actually matter for your delivery workflow. Our guide details exactly what to look for, including seamless CI/CD integration, powerful detection, and high-fidelity signal-to-noise ratios. Learn how to evaluate vendors on scalability, multiplatform support, and collaboration features to select a partner that secures your mobile releases without slowing you down.

Mon 05 January 2026

Understanding Android's FLAG_SECURE for Screen Security

What Android’s FLAG_SECURE does, how it prevents screenshots and screen recordings of sensitive app content, how to implement it correctly, where it makes sense to use it, and the key limitations and UX trade-offs developers need to understand, including its behavior with casting and external displays.

Mon 29 December 2025