More Software Engineering Daily episodes

Mobile App Security with Ryan Lloyd thumbnail

Mobile App Security with Ryan Lloyd

Published 9 Apr 2026

Duration: 54:52

Mobile app security in critical sectors like banking, healthcare, and finance faces unique challenges such as reverse engineering and runtime tampering, requiring measures like code obfuscation, RASP, and API attestation, while addressing threats from LLMs, fraud, and third-party vulnerabilities through layered defenses and proactive testing.

Episode Description

Mobile apps have become a primary interface for critical services, including banking, payments, and healthcare. Unlike web applications, much of the l...

Overview

The podcast discusses the growing importance of mobile apps in critical sectors such as banking, healthcare, and payments, emphasizing their unique security challenges. Unlike web apps, mobile apps execute logic on user devices, making them vulnerable to reverse engineering, runtime manipulation, and fraud. GuardSquare is highlighted for its role in addressing these risks through tools like code obfuscation, runtime application self-protection (RASP), and mobile-specific security testing. The company emphasizes layered defense strategies, integrating protections such as control flow obfuscation, virtualization, and API attestation to counter threats ranging from intellectual property theft to phishing and cheating in gaming apps. Industry-specific challenges, such as securing healthcare apps that interface with medical devices or ensuring compliance with PCI DSS in financial apps, are explored alongside the growing sophistication of attack techniques, including the use of reverse engineering tools and large language models (LLMs) to democratize security knowledge for malicious actors.

The discussion also addresses security paradigms in mobile ecosystems, contrasting device-level protections (e.g., MDM tools) with app-level measures required for consumer apps. Key vulnerabilities, such as hardcoded keys in banking apps, insecure TLS configurations, and risks from third-party libraries, are detailed, with recommendations for combining static and dynamic testing methods to detect threats. GuardSquares focus on threat monitoring, attestation technologies, and integrated platforms that combine protection, testing, and real-time threat intelligence is underscored. Challenges like evolving attack vectorssuch as LLMs enabling more advanced exploitationand industry-specific issues (e.g., anti-cheat measures in gaming, data privacy in healthcare) are emphasized as ongoing concerns for developers. The conversation also touches on the need for continuous adaptation to emerging threats and the importance of compliance with standards like GDPR, ISO, and HIPAA to safeguard sensitive data in mobile environments.

Recent Episodes of Software Engineering Daily

2 Jul 2026 Grafanas Approach to AI-Native Observability

Modern software systems' complexity from microservices and autonomous AI agents demands advanced observability via telemetry data, open-source tools like OpenTelemetry and Grafana, new AI monitoring frameworks, evolving SRE/DevOps roles, and governance to balance innovation with reliability and transparency.

30 Jun 2026 Building Software That People Love

MetaLabs emphasizes integrating software development with user experience through stable tech stacks, iterative design starting with minimal aesthetics, AI-driven role convergence, balancing functionality with delight, prioritizing foundational product DNA over optimization, and highlighting human creativity's enduring value in digital product creation for clients like Slack and Uber.

23 Jun 2026 Foundation Models for Structured Data

Relational deep learning proposes graph-based and transformer-driven methods to enhance predictive modeling for structured data tasks like fraud detection and loan approvals, aiming to reduce manual feature engineering while addressing challenges in scalability and specialized architectures compared to rapid advancements in vision and NLP.

18 Jun 2026 Biome and the Future of JavaScript Tooling

Biome is a Rust-built, minimal-config tool for formatting and linting web projects, emphasizing cross-environment consistency, type-aware linting without TypeScript, and serving as a drop-in replacement for Prettier/ESLint, while addressing tooling evolution through performance-focused design, semantic analysis, LSP integration, and community-driven features.

16 Jun 2026 Preparing for Q-Day

Quantum computing threatens public-key cryptography, necessitating a shift to post-quantum alternatives by 2029, with lattice-based methods leading despite implementation challenges, as quantum advancements accelerate the urgency for infrastructure updates and secure cryptographic transitions.

More Software Engineering Daily episodes