Mobile devices and BYOD policies introduce significant security risks to organizations. The proliferation of mobile devices has led to new threats like activity monitoring, unauthorized payments, and exfiltration of sensitive data. Many mobile applications also put users' private data at risk through unsafe data practices and potential impersonation attacks. To help address these issues, user education is important, and organizations need strong mobile privacy and document access controls.
Supporting the global efforts in strengthening the safety, security and resilience of Cyberspace, the Commonwealth Cybersecurity Forum 2013, organised by the Commonwealth Telecommunications Organisation. The ceremonial opening examined how Cyberspace could be governed and utilised in a manner to foster freedom and entrepreneurship, while protecting individuals, property and the state, leading to socio-economic development. Speakers of this session, Mr Mario Maniewicz, Chief, Department of Infrastructure, Enabling Environment and E-Applications, ITU; Mr David Pollington, Director, International Security Relations, Microsoft; Mr Alexander Seger, Secretary, Cybercrime Convention Committee, Council of Europe; Mr Nigel Hickson, Vice President, Europe, ICANN and Mr Pierre Dandjinou, Vice President, Africa, ICANN, added their perspectives on various approaches to Cybergovernance, with general agreement on the role Cyberspace could play to facilitate development equitably and fairly across the world.
Hosted by the Ministry of Posts and Telecommunications of Cameroon together with the Telecommunications Regulatory Board of Cameroon and backed by partners and industry supporters including ICANN, Council of Europe, Microsoft, MTN Cameroon, AFRINIC and Internet Watch Foundation, the Commonwealth Cybersecurity Forum 2013 seeks to broaden stakeholder dialogue to facilitate practical action in Cybergovernance and Cybersecurity, some of which will be reflected in the CTO’s own work programmes under its Cybersecurity agenda.
Security challenges of smart phone & mobile device
Visualizing mobile security
Attacks moving to mobile – why?
What your phone knows & what it shares
Smart phone & mobile device the threats
Countermeasures
Mobile security best practices
Supporting the global efforts in strengthening the safety, security and resilience of Cyberspace, the Commonwealth Cybersecurity Forum 2013, organised by the Commonwealth Telecommunications Organisation. The ceremonial opening examined how Cyberspace could be governed and utilised in a manner to foster freedom and entrepreneurship, while protecting individuals, property and the state, leading to socio-economic development. Speakers of this session, Mr Mario Maniewicz, Chief, Department of Infrastructure, Enabling Environment and E-Applications, ITU; Mr David Pollington, Director, International Security Relations, Microsoft; Mr Alexander Seger, Secretary, Cybercrime Convention Committee, Council of Europe; Mr Nigel Hickson, Vice President, Europe, ICANN and Mr Pierre Dandjinou, Vice President, Africa, ICANN, added their perspectives on various approaches to Cybergovernance, with general agreement on the role Cyberspace could play to facilitate development equitably and fairly across the world.
Hosted by the Ministry of Posts and Telecommunications of Cameroon together with the Telecommunications Regulatory Board of Cameroon and backed by partners and industry supporters including ICANN, Council of Europe, Microsoft, MTN Cameroon, AFRINIC and Internet Watch Foundation, the Commonwealth Cybersecurity Forum 2013 seeks to broaden stakeholder dialogue to facilitate practical action in Cybergovernance and Cybersecurity, some of which will be reflected in the CTO’s own work programmes under its Cybersecurity agenda.
Security challenges of smart phone & mobile device
Visualizing mobile security
Attacks moving to mobile – why?
What your phone knows & what it shares
Smart phone & mobile device the threats
Countermeasures
Mobile security best practices
This presentation gives an overview of various security issues in mobile phones having different operating systems. Ways to avoid spamming and malware in our mobile phones are also presented.
Smartphone Ownage: The state of mobile botnets and rootkitsJimmy Shah
Symbian Botnet? Mobile Linux Rootkits? iPhone Botnets? Millions of phones at risk? The press coverage on smart phone threats is at times somewhat accurate, distant, and occasionally (if unintentionally) misleading. They tend to raise questions such as: How close to PC levels (100,000+ to millions of nodes) have mobile botnets reached? Have mobile rootkits reached the complexity of those on the PC?
This talk covered the state of rootkits and botnets on smart phones from the perspective of anti-malware researchers, including demystification of the threat from mobile rootkits and mobile botnets, the differences (if any) between mobile rootkits and mobile botnets vs. their PC counterparts, and a look at how samples seen in the wild and researcher PoCs function.
The above PPT contains the following content:
1. SPREADING OF VIRUS
2. ANAMNESIS (CASE STUDIES)
3. CURRENT STATUS OF MOBILE MALWARE
4. PROTECTIVE MEASURES
5. THREATS OF MOBILE PHONE
6. CONCLUSION
The detailed PROTECTIVE MEASURES are given in the above PPT.
eScan, one of the leading Anti-Virus and Content Security Solution providers, has studied on a recent poll that says 32% of the top IT professionals agreed that data breaches and malware are the top threats that any organization faces.
Can you tell if your computer has been compromised?
Cyber Security is a practice which intends to protect computers, networks, programs and data from unintended or unauthorized access, change or destruction
More than 50% of the world's population is actively connected to the internet.
Cyber Security is becoming a fundamental requirement for every business organization worldwide. We are all susceptible to this new frontier of crime and it is our responsibility to be prepared.
This presentation gives an overview of various security issues in mobile phones having different operating systems. Ways to avoid spamming and malware in our mobile phones are also presented.
Smartphone Ownage: The state of mobile botnets and rootkitsJimmy Shah
Symbian Botnet? Mobile Linux Rootkits? iPhone Botnets? Millions of phones at risk? The press coverage on smart phone threats is at times somewhat accurate, distant, and occasionally (if unintentionally) misleading. They tend to raise questions such as: How close to PC levels (100,000+ to millions of nodes) have mobile botnets reached? Have mobile rootkits reached the complexity of those on the PC?
This talk covered the state of rootkits and botnets on smart phones from the perspective of anti-malware researchers, including demystification of the threat from mobile rootkits and mobile botnets, the differences (if any) between mobile rootkits and mobile botnets vs. their PC counterparts, and a look at how samples seen in the wild and researcher PoCs function.
The above PPT contains the following content:
1. SPREADING OF VIRUS
2. ANAMNESIS (CASE STUDIES)
3. CURRENT STATUS OF MOBILE MALWARE
4. PROTECTIVE MEASURES
5. THREATS OF MOBILE PHONE
6. CONCLUSION
The detailed PROTECTIVE MEASURES are given in the above PPT.
eScan, one of the leading Anti-Virus and Content Security Solution providers, has studied on a recent poll that says 32% of the top IT professionals agreed that data breaches and malware are the top threats that any organization faces.
Can you tell if your computer has been compromised?
Cyber Security is a practice which intends to protect computers, networks, programs and data from unintended or unauthorized access, change or destruction
More than 50% of the world's population is actively connected to the internet.
Cyber Security is becoming a fundamental requirement for every business organization worldwide. We are all susceptible to this new frontier of crime and it is our responsibility to be prepared.
International Journal of Engineering Research and Applications (IJERA) is an open access online peer reviewed international journal that publishes research and review articles in the fields of Computer Science, Neural Networks, Electrical Engineering, Software Engineering, Information Technology, Mechanical Engineering, Chemical Engineering, Plastic Engineering, Food Technology, Textile Engineering, Nano Technology & science, Power Electronics, Electronics & Communication Engineering, Computational mathematics, Image processing, Civil Engineering, Structural Engineering, Environmental Engineering, VLSI Testing & Low Power VLSI Design etc.
Malware on Smartphones and Tablets - The Inconvenient TruthAGILLY
De nombreux entreprises, à travers leurs responsables informatiques et DSI ne reconnaissent toujours pas les logiciels malveillants mobiles comme une menace imminente. Selon une étude de Duo Security, un tiers des utilisateurs mobiles Android n'utilisent ne verrouillent pas l'écran de leurs appareils à l'aide d'un Mot de Passe, et la plupart ne prennent aucunes mesures de sécurité. En outre, les responsables informatiques et DSI déploient de nouvelles applications vers leurs clients et employés sans y intégrer de mesure de sécurité favorisant l'authentification et la mitigation des menaces.
Cependant, les logiciels malveillants mobiles ont évolué au fil des dernières années et constituent aujourd'hui des menaces réelle. Business Insider a noté que ces menaces sont désormais équivalentes à celles des PC en terme de distribution et de niveau de risque.
Wfh security risks - Ed Adams, President, Security InnovationPriyanka Aash
Our security practices need to evolve in order to address the new challenges propped up by the rapid adoption of technologies and products to enable the world to WFH. The mantra of the attacker remains consistent -- attack that which yields maximum result -- and that is usually something used by a very very large number of users. This webinar will discuss the Top 10 Security Gaps that CISOs should be aware of as they brace for long WFH periods.
What will you learn :
-New Attack techniques hackers are using targeting WFH
-How to handle decentralisation of IT and technology decisions?
-Application risks as enterprises pivot to online/new business model(s)
-New risks in the Cloud and due to Shadow IT
-Security risks due to uninformed employees & their home infrastructure
-How to handle Misconfigurations & Third party risks
-How to build a robust breach response and recovery program?
Full video - https://youtu.be/bQLfnmhDnQs
Mobile Payments: Protecting Apps and Data from Emerging RisksIBM Security
Arxan Technologies, FS-ISAC, and IBM joined forces to deliver a presentation on how to protect your applications and data from emerging risks. This session will cover:
- The threat landscape regarding mobile payments
- How cybercriminals can hack your applications
- Comprehensive prevention and protection techniques
Cyber Security: A Hands on review on what is cyber security and how to prevent your devices from hacking and data breach. In today's era almost all devices are connected to internet are available for hackers to breach into and do their work. The data breach can be very dangerous and sometimes even more that it can demolish a company or a person.
In this presentation we will discuss about the ways and short description on Cyber Securty and Techniques.
Make Mobilization Work - Properly Implementing Mobile SecurityMichael Davis
From my presentation at Super Strategies, how to make mobilizaiton work in your organization. sadly, security is used as a reason to not implement mobile devices; however, I present the real threats in Mobile Security (Adapted from the great Veracode Mobile Security Presetnation by Chris Wysopal (with permission)). I then provide details on what Mobile Device Management is, how it works, and how it compares to other options.
The state of being protected against the unauthorized use of information, especially electronic data, or the measures are taken to achieve this.
"the growing use of mobile applications is posing a risk to information security"
Compusecuraphobia – The Fear of HOPING Your Computer is Secure - Course Techn...Cengage Learning
Compusecuraphobia – The Fear of HOPING Your Computer is Secure - Course Technology Computing Conference
Presenter: Andrew Pond, Palm Beach State College
“Just because you're paranoid doesn't mean they aren't after you”. Ever pause just a moment before clicking past that security warning about an unsafe email? What about installation instructions that explicitly state to turn off your firewall and virus protection? I think, well that can't be right… hmmm. Gain an understanding of which security essentials should be introduced to students. This session will cover best practices that keep your Windows 8 computer safe and survey some of the threats that are directed toward the corporate world. Be prepared for the next tech trivia challenge, when the category covers SSL, IPSEC, Spoofing, Encryption, and more. Between the pop-up alerts on your computer to paranoia from the news, each of us should be thankful that we get through the day without having our identity stolen and our computer destroyed. The TSA thinks we are all safer if we take or shoes off while traveling. Really? Let us not take a similar approach with our own computer security.
Information security awareness is an essential part of your information security program (ISMS - Information Security Management System). You can find a comprehensive set of security policies and frameworks at https://templatesit.com.
Similar to Can You Steal From Me Now? Mobile and BYOD Security Risks (20)
My presentation at SuperStrategies on how to justify the cost of IT security. The key? Focus on how security can help reduce speculative risk instead of hazard risk.
Confirmation Bias - How To Stop Doing The Things In IT Security That Don't WorkMichael Davis
However, what’s interesting is that the CISOs we spoke with say neither of these approaches
effectively solves the problem. Quantitative risk analysis isn’t the end all, be all. Just because a
risk is scored at 98 out of 100 doesn’t mean it will be remediated. Besides cost, the business
significantly influences the decision of whether to spend money. And most surprising to us, in
the end, many CISOs told us they ignore all their own data, vendor input and pundit whitepapers
and made a gut decision.
Let’s be clear: Gut decisions are not useful. Very often they’re based on a confirmation bias, also
called confirmatory or “my side” bias. That’s the tendency for people to favor information that
confirms their preconceptions or hypotheses, regardless of whether the information is true. If
you have a confirmation bias that laptop theft is the largest concern, whether it is or not, you
will find a way to get disk encryption to be the highest-priority project.
Avoiding confirmation bias can be difficult. The first step is to realize that we’re all prone to it.
If you have a tendency to collect a lot of information and then ignore it, or always find yourself
debating the rest of the organization on which threats are most imminent, you may be more
susceptible than average. Try this exercise: Ask your peers to honestly assess whether they think you frequently make decisions based on gut instinct. Listen to what they say, and understand
that it’s almost impossible to build trust with an information source—such as your risk
assessment team—if you have this tendency.
Providing IT Security as a Service to internal stakeholders reduces risk while increasing audit ability. This is a presentation from the ISACA NACS 2012 conference.
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
JMeter webinar - integration with InfluxDB and GrafanaRTTS
Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application.
In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics.
Length: 30 minutes
Session Overview
-------------------------------------------
During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana:
- What out-of-the-box solutions are available for real-time monitoring JMeter tests?
- What are the benefits of integrating InfluxDB and Grafana into the load testing stack?
- Which features are provided by Grafana?
- Demonstration of InfluxDB and Grafana using a practice web application
To view the webinar recording, go to:
https://www.rttsweb.com/jmeter-integration-webinar
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
Connector Corner: Automate dynamic content and events by pushing a buttonDianaGray10
Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to:
Create a campaign using Mailchimp with merge tags/fields
Send an interactive Slack channel message (using buttons)
Have the message received by managers and peers along with a test email for review
But there’s more:
In a second workflow supporting the same use case, you’ll see:
Your campaign sent to target colleagues for approval
If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team
But—if the “Reject” button is pushed, colleagues will be alerted via Slack message
Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors.
And...
Speakers:
Akshay Agnihotri, Product Manager
Charlie Greenberg, Host
UiPath Test Automation using UiPath Test Suite series, part 3DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Essentials of Automations: Optimizing FME Workflows with ParametersSafe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
Let's dive deeper into the world of ODC! Ricardo Alves (OutSystems) will join us to tell all about the new Data Fabric. After that, Sezen de Bruijn (OutSystems) will get into the details on how to best design a sturdy architecture within ODC.
Transcript: Selling digital books in 2024: Insights from industry leaders - T...BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
2. Agenda
• Trends that you must get in front of
• The Real Mobile Threats
• Data/Document Sharing Risks
• Ask Questions
3. Who am I?
• Michael A. Davis
– CEO of Savid Technologies
• IT Security Consulting
• Risk Assessments/Auditing
• Security Remediation
– Speaker at Major Security Conferences
• Defcon, CanSecWest, Toorcon, Hack In The Box
– Open Source Software Developer
• Snort
• Nmap
• Dsniff
8. Mobile Device Risks at Every Layer
• NETWORK: Interception of data over the air.
– WiFi has al the same problems as laptops
– GSM has shown some cracks. Chris Paget demo DEFCON 2010
• HARDWARE: Baseband layer attacks
– Memory corruption defects in firmware used to root your device
– Demonstrated at Black Hat DC 2011 by Ralf-Philipp Weinmann
• OS: Defects in kernel code or vendor supplied system code
– Every time iPhone or Android rooted/jailbroken this is usually the
cause
• APPLICATION: Apps with vulnerabilities and malicious code have
access to your data and device sensors
– Your device isn’t rooted but all your email and pictures are stolen,
your location is tracked, and your phone bill is much higher than
usual.
9. Mobile App Ecosystem
Mobile platform providers have different levels of
controls over their respective ecosystems
Platform Signing Revocation Approval
Android Anonymous, self-
signed
Yes No
iOS Signed by Vendor Yes Policy & Quality
Blackberry Signed with Vendor
issued key
Yes No
Windows Phone Signed by Vendor Yes Policy, Quality &
Security
Symbian Signed by Vendor Yes Quality
10. Malicious Functionality
1. Activity monitoring and data retrieval
2. Unauthorized dialing, SMS, and payments
3. Unauthorized network connectivity (exfiltration or
4. command & control)
5. UI Impersonation
6. System modification (rootkit, APN proxy config)
7. Logic or Time bomb
Vulnerabilities
7. Sensitive data leakage (inadvertent or side channel)
8. Unsafe sensitive data storage
9. Unsafe sensitive data transmission
10. Hardcoded password/keys
The Veracode Top 10 List
11. Activity monitoring and data retrieval
• Risks:
– Sending each email sent on the device to a hidden 3rd party address
– Listening in on phone calls or simply open microphone recording.
– Stored data, contact list or saved email messages retrieved.
• The following are examples of mobile data that attackers can monitor and
intercept:
– Messaging (SMS and Email)
– Audio (calls and open microphone recording)
– Video (still and full-motion)
– Location
– Contact list
– Call history
– Browsing history
– Input
– Data files
12. Activity monitoring and data retrieval
Examples:
Secret SMS Replicator for Android
http://www.switched.com/2010/10/28/sms-replicator-forwards-texts-
banned-android/
RBackupPRO for Symbian
http://www.theregister.co.uk/2007/05/23/symbian_signed_spyware/
13. Unauthorized dialing, SMS, and
payments
• Directly monetize a compromised device
• Premium rate phone calls, premium rate SMS texts, mobile payments
• SMS text message as a spreading vector for
worms.
Examples:
Premium rate SMS – Trojan-SMS.AndroidOS.FakePlayer.a
https://www.computerworld.com/s/article/9180561/New_Android_malware_
texts_premium_rate_numbers
Premium rate phone call –Windows Mobile Troj/Terdial-A
http://nakedsecurity.sophos.com/2010/04/10/windows-mobile-terdial-trojan-
expensive-phone-calls/
14. Exfiltration or command & control
• Spyware or other malicious functionality typically requires exfiltration to
be of benefit to the attacker.
• Mobile devices are designed for communication. Many potential vectors
that a malicious app can use to send data to the attacker.
• The following are examples of communication channels attackers can
use for exfiltration and command and control:
– Email
– SMS
– HTTP get/post
– TCP socket
– UDP socket
– DNS exfiltration
– Bluetooth
– Blackberry Messenger
16. UI impersonation
• Similar to phishing attacks that impersonating website of their bank
or online service.
• Web view applications on the mobile device can proxy to legitimate
website.
• Malicious app creates UI that impersonates that of the phone’s
native UI or the UI of a legitimate application.
• Victim is asked to authenticate and ends up sending their
credentials to an attacker.
Example:
Proxy/MITM 09Droid Banking apps
http://www.theinquirer.net/inquirer/news/1585716/fraud-hits-android-
apps-market
17. Unsafe sensitive data transmission [CWE-319]
• It is important that sensitive data is encrypted in transmission lest it
be eavesdropped by attackers.
• Mobile devices are especially susceptible because they use wireless
communications exclusively and often public WiFi, which is known
to be insecure.
• SSL is one of the best ways to secure sensitive data in transit.
– Beware of downgrade attack if it allows degrading HTTPS to
HTTP.
– Beware of not failing on invalid certificates. This would enable a
man-in-the-middle attack.
19. Privacy Leaks
• Reveal sensitive information
• Defamation of others / organizations
• This can be inadvertent or deliberate
• And the repercussions include
– Reputation damage
– Damage to organization
– Fines
20. Unaware Users
• Photos contain data on location,
etc
• Twitter, FB post
Location
• FB/Twitter filter
photo data but
phone doesn’t
• Once a photo, video or message is sent by
mobile phone, the user can never regain total
control of the content.
21. Privacy Solutions
• It is the email threat all over again
• Inherit trust of “friends” leads to bad choices
• Facebook, twitter, myspace
– All rip with malware and privacy problems
• Instant Messaging is also a growing medium for
malware distribution
• This is nothing more than social engineering
USER EDUCATION IS KEY
22. Mobile Privacy
• Data Collection
• Data Retention
• Data Sharing
What do your apps do?
23. Mobile Document Access
• Encryption is opt-in by the developer
• Opening a document may copy it or even transfer it
• How can you control or guarantee the apps viewing
the document?
– GoodReader
– iAnnotate
• Company App Stores aren’t enough unless you are
also analyzing the app itself (most aren’t)
• Most apps rely upon device encryption which
requires the users password