There is a number that most CISOs in the UAE know by heart: AED 5.9 billion. That is the estimated annual cost of cyberattacks to UAE organisations. What most CISOs do not know is how much of that cost is attributable to mobile applications, because the honest answer is that nobody is tracking it yet...
Third-Party SDKs: The Supply Chain Risk Hiding Inside Your Mobile App
When the OWASP Foundation published the updated Mobile Top 10 for 2024, the most significant change was the elevation of supply chain risk to the number two position. Not authentication. Not data storage. Supply chain, specifically the security of third-party SDKs and libraries embedded...
SAMA vs NESA: A Dual-Compliance Playbook for GCC Financial Institutions
Key takeaways GCC banks now answer to SAMA, NCA, TDRA, SIA, CBUAE and the UAE Cybersecurity Council: six authorities with overlapping but incompatible control catalogues. Mobile is where the gaps surface fastest. SAMA Cyber Security Framework v1.0 (May 2017) is the working standard for Saudi banks, insurance companies and finance companies, with a 6-level maturity model. The...
Mobile App Security in CI/CD: A Practical Integration Guide for Android and iOS Teams
Key takeaways Mobile shift-left is structurally different from web shift-left: ephemeral builds, signing identities, store review cycles, two codebases (Android + iOS), three test layers (static + dynamic + device). Four pipeline patterns work in 2026: GitHub Actions, GitLab CI, Bitbucket Pipelines + Fastlane, Azure DevOps. This article covers integration patterns for each. Don’t hard-block on day one. The...
India Fintech’s Mobile Security Problem: What RBI, CERT-In, and DPDP Actually Require
Key takeaways Indian fintech mobile teams sit under a three-layer regulatory stack: prudential (RBI Master Direction on IT Governance, effective 1 April 2024), technical (CERT-In Directions, April 2022, 6-hour reporting), and privacy (DPDP Rules 2025, substantive provisions live 13 May 2027). The RBI Master Direction (RBI/2023-24/107) requires VAPT every 6 months on critical systems and annually on...
Inside a Mobile Banking App Breach: A Forensic Walkthrough of What Goes Wrong
Key takeaways Modern mobile banking compromises are chained, not single-exploit events: lure → dropper → accessibility-service abuse → overlay attack → credential theft → device takeover → fraudulent transaction. The Android banking trojan ecosystem in 2024–2026 is dominated by Anatsa, Crocodilus, TrickMo, Hook, Octo, Godfather and their forks. ThreatFabric documented Crocodilus expanding from Spain/Turkey to 8 countries including India, Brazil,...
₹250 Crore Risk: A Complete DPDP Act Compliance Checklist for Mobile Apps in India
Key takeaways The DPDP Rules 2025 were notified on 13 November 2025 by MeitY. The Data Protection Board of India is now constituted. The substantive obligations come into force on 13 May 2027 — every Indian mobile app and every foreign app serving Indian users has 18 months to comply. The maximum penalty is ₹250 crore per violation for failure to...