Guardsquare

02/06/2026

Every Tuesday in June, we’re going to share insights about mobile application security testing (MAST).

69% of organizations now consider API-related fraud a serious threat.
Yet many mobile security programs still focus primarily on finding vulnerabilities in code while overlooking how compromised mobile apps interact with backend APIs.

Testing is essential. But testing should also help answer:
• Can an attacker manipulate app behavior?
• Can they abuse APIs using a modified app?
• Can they bypass client-side controls?

Finding vulnerabilities is only the first step. Understanding how they can be exploited is where real risk reduction begins.
https://hubs.la/Q04jt9FX0

28/05/2026

According to a new PYMNTS report, nearly one-third (31%) of consumers used a mobile wallet app in a store in the last seven days (up from only 14% in August 2024).

Mobile wallets are maturing, thanks to the speed and convenience they offer shoppers. Wallet use overall (iOS and Android combined) has more than doubled over the past year. To compete with major players (e.g., Apple, Google, Venmo), many retailers are introducing their own branded mobile apps with embedded payment capabilities, plus special features like Buy Now/Pay Later (BNPL) and loyalty programs.

However, some offerings may lack the comprehensive security features used by mature financial systems – like mobile banking apps. Mobile fraud attacks in ecommerce continue to be a major problem, including:
• Credential theft and account take over (ATO) instances
• Loyalty program and rewards points theft
• BNPL abuse

Apple Pay has spent 11 years teaching consumers to tap their phones at checkout, but the bigger story may be how many rivals are now benefiting from that

27/05/2026

A recent TrendCandy survey showed that 84% of mobile app developers now acknowledge that OS-level protections alone are insufficient to truly secure their mobile app.

The vast majority say that they prefer security that covers the entire software development lifecycle, from early stage planning through to release and maintenance.

Guardsquare provides mobile app developers with comprehensive security across the SDLC, with features like:
🔒Code hardening
🏃Runtime defenses
♾️ Automated mobile app security testing
⏱️ Real-time threat monitoring
✅ API security

Read more in the full report here: https://hubs.la/Q04hXZsy0

26/05/2026

Is your app a laboratory for "Frankenstein Fraud"? 🧪

Mobile synthetic identity fraud is growing, fast. It’s become a sophisticated "Frankenstein" threat where fraudsters stitch together real data fragments with deepfakes and emulator farms to create synthetic identities that perform scalable, real fraud.

Because these synthetic identities contain elements of real data, they bypass traditional KYC verification measures. Once accounts are created, they can wreak havoc on your financial ecosystem.

In our latest blog, we break down:
- How these "stitched-together" identities are animated.
- The tactics used to bypass KYC security and auto scale fraud campaigns.
- Proactive, server-side and runtime protection strategies to stop the monster before it takes its first breath.

Don't wait for a breach to secure your application against this evolving fraud monster.

Read the full breakdown here:

Learn how fraudsters use deepfakes and emulators to commit mobile synthetic identity fraud, and how RASP and app attestation protect your app.

22/05/2026

Mobile apps operate in environments that enterprise security teams don’t fully control. This means that even though APIs are protected by cloud security controls, teams don’t know if the apps making API calls are legit, creating a gap between the backend and the mobile app.

Our recent article published in VMblog dives into this trust gap, and how teams can secure their mobile apps to prevent API abuse.

Check out the article below 👇

Enterprise security teams spend enormous effort securing cloud infrastructure, APIs, and backend systems. Yet many still overlook a critical question.

20/05/2026

Interpol assessments of global financial crimes have found that AI-enhanced fraud is 4.5 times more profitable than traditional fraud methods.

With finance and banking becoming more mobile, these apps are a prime target for fraudsters. From malicious clones to overlay attacks, sophisticated attacks can leave users’ data exposed and organizations in breach of compliance.

By utilizing multi-layered mobile app security, you can protect your customers from fraud activities and your organization in line with industry regulations.

Source: https://hubs.la/Q04h25zL0

19/05/2026

Android performance debugging gets complex when you are modifying bytecode. To truly understand what is happening under the hood, you have to factor in the intricacies of the Android Runtime (ART).
Our engineering team breaks down the real-world techniques they use to debug:
→ Java/Kotlin bottlenecks
→ bottlenecks across the JNI boundary
→ AOT compilation fallbacks
→ and other hidden runtime costs

We’ve Included practical workflows for:
• Profiling: Using Perfetto and simpleperf.
• Inspecting ART compilation: Using dex2oat, oatdump, and Baseline Profiles.

One of the biggest lessons: Finding the root cause of a slowdown requires looking beyond the profiler output and having a deep understanding of Android runtime behavior.

Check out our new deep dive:

Compiler-based protection is the most effective way to secure a mobile application. Discover lessons from bytecode experts on debugging app performance.

15/05/2026

New research from Thales (via HelpNetSecurity) reveals that AI-driven bot activity increased more than tenfold (12.5X) in 2025, with daily blocked requests rising from 2 million to 25 million.

Automated traffic accounted for 53% of all observed internet traffic in 2025, with bad bots making up 40%. And APIs continue to be a primary target, with 27% of bot attacks directed at API endpoints.

Fraud attacks targeting mobile applications (e.g., banking, retail, insurance, healthcare) increasingly use automated bots that target APIs to connect with backend account services. Mobile app designers need dedicated mobile API security to prevent fraudulent transactions.

13/05/2026

In a 2025 report from Verizon, 85% of organizations said that mobile attacks were increasing.

As attacks rise, so does the need to secure your mobile apps.

Guardsquare offers the highest level of protection for mobile apps, combined with automated mobile app security testing and real-time threat monitoring.

Source: https://hubs.la/Q04gd4cJ0

12/05/2026

As mobile applications become indispensable to many industries, securing those apps is now a line-of-business concern.

From financial services, to healthcare, to telecommunications, to retail – mobile apps need their own dedicated security to help prevent fraud, safeguard private information, protect proprietary IP, ensure business continuity, and maintain compliance.

Guardsquare is the leader in mobile app security covering the full application development lifecycle. In our latest blog, industry-leading customers from around the world explain why they chose Guardsquare to address their specific mobile app security needs.

Discover why customers in banking, healthcare, telecom, and retail trust Guardsquare for complete mobile app security across the full app lifecycle.