More Software Engineering Daily episodes

Mobile App Security with Ryan Lloyd

Published 9 Apr 2026

Duration: 54:52

Mobile app security in critical sectors like banking, healthcare, and finance faces unique challenges such as reverse engineering and runtime tampering, requiring measures like code obfuscation, RASP, and API attestation, while addressing threats from LLMs, fraud, and third-party vulnerabilities through layered defenses and proactive testing.

Episode Description

Mobile apps have become a primary interface for critical services, including banking, payments, and healthcare. Unlike web applications, much of the l...

Overview

The podcast discusses the growing importance of mobile apps in critical sectors such as banking, healthcare, and payments, emphasizing their unique security challenges. Unlike web apps, mobile apps execute logic on user devices, making them vulnerable to reverse engineering, runtime manipulation, and fraud. GuardSquare is highlighted for its role in addressing these risks through tools like code obfuscation, runtime application self-protection (RASP), and mobile-specific security testing. The company emphasizes layered defense strategies, integrating protections such as control flow obfuscation, virtualization, and API attestation to counter threats ranging from intellectual property theft to phishing and cheating in gaming apps. Industry-specific challenges, such as securing healthcare apps that interface with medical devices or ensuring compliance with PCI DSS in financial apps, are explored alongside the growing sophistication of attack techniques, including the use of reverse engineering tools and large language models (LLMs) to democratize security knowledge for malicious actors.

The discussion also addresses security paradigms in mobile ecosystems, contrasting device-level protections (e.g., MDM tools) with the app-level measures required for consumer apps. Key vulnerabilities, such as hardcoded keys in banking apps, insecure TLS configurations, and risks from third-party libraries, are detailed, with recommendations for combining static and dynamic testing methods to detect threats. GuardSquare's focus on threat monitoring, attestation technologies, and integrated platforms that combine protection, testing, and real-time threat intelligence is underscored. Challenges like evolving attack vectors, such as LLMs enabling more advanced exploitation, and industry-specific issues (e.g., anti-cheat measures in gaming, data privacy in healthcare) are emphasized as ongoing concerns for developers. The conversation also touches on the need for continuous adaptation to emerging threats and the importance of compliance with standards like GDPR, ISO, and HIPAA to safeguard sensitive data in mobile environments.

Recent Episodes of Software Engineering Daily

7 Apr 2026 FastMCP with Adam Azzam and Jeremiah Lowin

FastMCP, an open-source project by Prefect, simplifies the Model Context Protocol with high-level Python abstractions, enabling efficient server and application development through ergonomic design, decorator-driven tools, and enterprise adoption, evolving into a standardized AI workflow solution via community-driven growth.

31 Mar 2026 FreeBSD with John Baldwin

FreeBSD's evolution from BSD, its use in the PlayStation 4 and Netflix's CDN, community-driven governance, challenges in maintaining a legacy codebase, modernization efforts, hardware integrations, and initiatives like CheriBSD for memory safety, alongside the impacts of licensing and corporate collaboration.

26 Mar 2026 Cilium, eBPF, and Modern Kubernetes Networking with Bill Mulligan

eBPF-based projects like Cilium address cloud-native networking challenges by enabling scalable, secure, identity-driven traffic management in Kubernetes through kernel-level programmability, replacing traditional tools with efficient, crash-resistant solutions.

24 Mar 2026 Games That Push Back with Bennett Foddy

Bennett Foddy's systems-driven design emphasizes physics-based mechanics, absurdist themes, and nuanced frustration over simplistic difficulty, using games like *QWOP* and *Baby Steps* to explore player agency, iterative discovery, and critiques of industry trends through accessible, community-informed development.

19 Mar 2026 Prettier and Opinionated Code Formatting with James Long

Developer tooling shapes software workflows by streamlining code formatting with opinionated tools like Prettier, addressing formatting inefficiencies, differentiating from ESLint through dynamic code structure analysis, and confronting adoption hurdles, open-source sustainability challenges, ecosystem fragmentation, and the trade-offs between flexibility, usability, and developer needs in JavaScript tooling.