In one case, a provider of B2B services gave out a mobile SDK to its customers to integrate into their applications […] The SDK had a hard-coded AWS token to access an Amazon-powered translation service. However, that token granted full access to the provider's backend systems, rather than just the translation tool.
🤷
In another example of what not to do in mobile app development: the security shop found five iOS banking apps that used the same vulnerable AI digital identity SDK. […] In this case, the SDK included embedded credentials that exposed users' biometric digital fingerprints used for authentication along with names and dates of birth.
😶
We still have a lot to do for security in app development…