Mobile Security
Introducing Mobile Shielding That Can Resist AI Attacks
Ostorlab has launched Mobile Shielding Scan, an automated, AI-powered testing solution designed specifically for shielding detection and validation. It gives security teams streamlined, continuous validation of critical iOS and Android runtime protections, identifying whether security shields are actually present and if they can withstand real-world attacks. This empowers organizations with an automated, scalable, and powerful way to continuously validate RASP tools and mobile self-defense layers across every release.
Thu 25 June 2026
The App Was Never Opened
Agentic harnesses change what an LLM can do in mobile app security testing. On its own, a model c...
Thu 25 June 2026
Introducing Ostorlab Cyber Models
Ostorlab has launched Cyber Models, a managed, prepaid AI infrastructure tier for Deep Agentic Sc...
Tue 23 June 2026
Introducing Ostorlab App Vetting for the Agentic Era
Ostorlab has launched App Vetting, a mobile application risk assessment solution that helps teams...
Tue 16 June 2026
Inside BeatBanker / BTMOB: Static Analysis of TV_V_23.apk, a Multi-Stage Android Banking Malware Platform
A static analysis of TV_V_23.apk, a multi-stage Android banking malware platform attributed with high confidence to the BeatBanker / BTMOB cluster. Distributed as a trojanized fork of the open-source LumoLight flashlight app, the sample chains a native bootstrap, a Firebase-driven orchestrator, a cryptominer-and-keepalive helper, and a full operator RAT with accessibility abuse, screen capture, and runtime-configurable banking-app targeting. Covers the full infection chain, anti-analysis design, attribution, IOCs, and defender recommendations.
Android Intent Redirection: Attack Vectors and Mitigations
A deep dive into Android intent redirection vulnerabilities, showing how exported “proxy” components can be abused to launch protected components, leak data via setResult(), steal content via URI grants, and hijack flows. Covers common misuse patterns and layered mitigations including validation, allowlists, IntentSanitizer, stripping dangerous flags, immutable PendingIntents, and reducing exported components.
Latest posts
DORA Third‑Party Risk for Mobile AppSec: SDK Governance and Audit‑Ready Evidence Packs
A deep dive into DORA-focused third‑party risk for mobile AppSec, showing why embedded SDKs and runtime providers demand release‑scoped governance because vulnerabilities persist across multiple app versions in the wild and provider outages directly break critical journeys. It outlines an audit‑ready approach built on per‑release SDK inventories and diffs, approval/ban rules, patch SLAs with time‑boxed exceptions, and evidence packs that stay version‑scoped, indexed, and quickly retrievable.
Tue 14 April 2026
Announcing Ostorlab for Harness: Mobile Security Scanning in CI Pipelines
Ostorlab now integrates with Harness CI to run automated mobile application security scans inside CI pipelines. Using Harness Secrets and a simple Run step, teams can install the Ostorlab CLI and run ostorlab ci-scan run against the same build artifacts produced by the pipeline (e.g., Android APK, Android AAB, or iOS IPA). The integration helps bring security into CI by improving feedback speed and catching vulnerabilities earlier, with options to tailor scans via profiles (fast, full) and optional inputs like test credentials, SBOM, and UI prompts.
Mon 06 April 2026
Announcing Ostorlab for Bitrise: Mobile security scans in your CI
Ostorlab now integrates with Bitrise to run automated mobile application security scans inside CI workflows. Using a Bitrise Secret plus a simple Script step, teams can install the Ostorlab CLI and run ostorlab ci-scan run against the same build artifacts produced by the pipeline (e.g., Android APK, Android AAB, or iOS IPA). The integration helps shift security left by shortening feedback loops and catching vulnerabilities earlier, with options to tailor scans via profiles (fast, full, agentic deep scan) and optional inputs like test credentials, SBOM, and UI prompts.
Fri 27 March 2026
Mobile Operational Resilience Under DORA: The simplest drill library for BFSI journeys
A mobile-first guide to DORA compliance for BFSI teams. Learn how to define your scope, simplify your release process, and avoid the traps that create unnecessary compliance work.
Tue 24 March 2026
DORA Compliance for Mobile Releases: The easiest baseline, verdict, and exceptions model
A mobile-first guide to DORA regulation and DORA compliance for BFSI teams. Learn how to define your scope, simplify your release process, and avoid the traps that create unnecessary compliance work.
Tue 10 March 2026
[Online Event] Security of 3rd party dependencies in Mobile Applications
Mobile applications assessments, automation of 3rd party dependency review
Fri 12 June 2020