
iOS apps could really benefit from the newly proposed Security.plist standard

by technewshero
November 29, 2019
in Security

Image: Ivan Rodriguez

Earlier this month, security researcher Ivan Rodriguez proposed a new security standard for iOS apps, which he named Security.plist.

The idea is simple. App makers would create a property list file (plist) named security.plist that they would embed inside the root of their iOS apps.

The file would contain all the basic contact details for reporting a security flaw to the app’s creator. Security researchers analyzing an app would have an easy way to get in contact with the app’s creators.
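What that lookup could look like from the researcher's side, as an added example that is not code from the article or from Rodriguez's site: it opens an IPA (a zip archive whose app bundle sits at `Payload/<Name>.app/`), reads `security.plist` from the bundle root only, and keeps the values that look like contact channels. The article does not list the file's fields, so the key names `contact`, `policy` and `note` and the sample archive are constructed for illustration.

```python
import io
import plistlib
import re
import zipfile

# An .ipa is a zip archive; the app bundle root is Payload/<Name>.app/
ROOT_FILE = re.compile(r"Payload/[^/]+\.app/security\.plist", re.IGNORECASE)
EMAIL = re.compile(r"[^@\s]+@[^@\s]+\.[^@\s]+")
MAX_BYTES = 64 * 1024  # contact files are tiny; reject a larger declared size


def read_security_plist(ipa_bytes):
    """Return the parsed security.plist from the bundle root, or None."""
    with zipfile.ZipFile(io.BytesIO(ipa_bytes)) as ipa:
        for info in ipa.infolist():
            if not ROOT_FILE.fullmatch(info.filename):
                continue  # ignores same-named files deeper in the bundle
            if info.file_size > MAX_BYTES:
                raise ValueError("security.plist is unexpectedly large")
            data = plistlib.loads(ipa.read(info))  # XML or binary plist
            if not isinstance(data, dict):
                raise ValueError("top-level plist object is not a dictionary")
            return data
    return None


def contact_entries(plist):
    """Keep only string values that look like an email address or HTTPS URL."""
    return {k: v for k, v in plist.items() if isinstance(v, str)
            and (v.startswith("https://") or EMAIL.fullmatch(v))}


def build_sample_ipa(with_file=True):
    """Constructed sample IPA; the key names are hypothetical."""
    sample = {"contact": "security@example.com",
              "policy": "https://example.com/security-policy",
              "note": "not a contact"}
    nested = plistlib.dumps({"contact": "sdk-vendor@example.com"})
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("Payload/Demo.app/Frameworks/X.framework/security.plist", nested)
        if with_file:
            z.writestr("Payload/Demo.app/security.plist",
                       plistlib.dumps(sample, fmt=plistlib.FMT_BINARY))
    return buf.getvalue()


if __name__ == "__main__":
    print(contact_entries(read_security_plist(build_sample_ipa())))
```

Matching only the bundle root matters because third-party frameworks bundled inside an app could ship a file with the same name that points at a different vendor.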

Inspired by security.txt and its great success

Rodriguez said the idea for Security.plist came from Security.txt, a similar standard for websites that was proposed in late 2017.

Security.txt is currently going through an official standardization process at the Internet Engineering Task Force (IETF), but it has already been widely adopted. Companies like Google, GitHub, LinkedIn, and Facebook all have a security.txt file hosted on their sites, so bug hunters can get in touch with their respective security teams.

Rodriguez, who is an amateur bug hunter in iOS apps, said he decided to propose a similar thing for iOS apps because getting in touch with an app’s dev or security team has been a problem in the past.

“I spend most of my free time poking mobile applications which has led me to find many vulnerabilities and I have yet to find one that has an easy way to find the correct channel to responsibly disclose these issues,” Rodriguez told ZDNet in an email this week.

“More often than not, I have to write an email to a generic [email protected] or fill out a form on the company.com/contact website. Most of these channels are handled by people in marketing or sales, who might have no idea how to respond, what to do or even to identify if it’s a real problem,” the researcher said.

He argues that this would be much easier if the appropriate contacts were listed in a plist file hosted in the app’s root.

No plans to reach out to Apple, yet

For now, Rodriguez has only put forward the idea and wants to see how app makers feel about it.

“So far, I’ve gotten great reactions but might be because most of the people I follow or follow me are pro ‘application security’,” Rodriguez told ZDNet. “It might be a bit too early to tell, but I really hope either security.plist or any other way to deploy contact information on mobile apps catches on.”

The security researcher has not yet reached out to Apple, the only entity that could make security.plist mandatory for all iOS apps.

“I think it’s too early,” Rodriguez said. “Even though Apple does a great job when it comes to security practices, mandatory security asks are hard to enforce, as we’ve seen with App Transport Security (ATS).”

A website to help iOS app makers get started

To help move things along, Rodriguez published a website for security.plist where app makers can generate a basic file to include inside their apps.

“I hope mobile developers see security.plist as an initial step to work closely with the security community,” Rodriguez said.
