Mobile App Security with Ryan Lloyd

Published 9 Apr 2026

Duration: 54:52

Mobile app security in critical sectors like banking, healthcare, and finance faces unique challenges such as reverse engineering and runtime tampering, requiring measures like code obfuscation, RASP, and API attestation, while addressing threats from LLMs, fraud, and third-party vulnerabilities through layered defenses and proactive testing.

Episode Description

Mobile apps have become a primary interface for critical services, including banking, payments, and healthcare. Unlike web applications, much of the l...

Overview

The podcast discusses the growing importance of mobile apps in critical sectors such as banking, healthcare, and payments, emphasizing their unique security challenges. Unlike web apps, mobile apps execute logic on user devices, making them vulnerable to reverse engineering, runtime manipulation, and fraud. GuardSquare is highlighted for its role in addressing these risks through tools like code obfuscation, runtime application self-protection (RASP), and mobile-specific security testing. The company emphasizes layered defense strategies, integrating protections such as control flow obfuscation, virtualization, and API attestation to counter threats ranging from intellectual property theft to phishing and cheating in gaming apps. Industry-specific challenges, such as securing healthcare apps that interface with medical devices or ensuring compliance with PCI DSS in financial apps, are explored alongside the growing sophistication of attack techniques, including the use of reverse engineering tools and large language models (LLMs) to democratize security knowledge for malicious actors.

The discussion also addresses security paradigms in mobile ecosystems, contrasting device-level protections (e.g., MDM tools) with app-level measures required for consumer apps. Key vulnerabilities, such as hardcoded keys in banking apps, insecure TLS configurations, and risks from third-party libraries, are detailed, with recommendations for combining static and dynamic testing methods to detect threats. GuardSquare's focus on threat monitoring, attestation technologies, and integrated platforms that combine protection, testing, and real-time threat intelligence is underscored. Challenges like evolving attack vectors (such as LLMs enabling more advanced exploitation) and industry-specific issues (e.g., anti-cheat measures in gaming, data privacy in healthcare) are emphasized as ongoing concerns for developers. The conversation also touches on the need for continuous adaptation to emerging threats and the importance of compliance with standards like GDPR, ISO, and HIPAA to safeguard sensitive data in mobile environments.
