Upwardly Mobile - API & App Security News

Written by: Approov Mobile Security
About this listen

Think the App Store’s built-in security is enough? Think again.

Welcome to Upwardly Mobile, the podcast that exposes the gaps in iOS, Android, and HarmonyOS security. Hosts Skye and George take you into the high-stakes world of mobile defense, revealing why standard protections from Apple, Google, and Samsung often leave your sensitive data exposed. Sponsored by Approov—the gold standard in mobile app attestation—we move beyond the basics to tackle weaponized AI threats and dynamic API attacks. From runtime attestation to navigating complex compliance regulations, we equip developers and security pros with the actionable strategies needed to thwart attackers. Don’t leave your app vulnerable.

Subscribe now on Spotify and Apple Podcasts to elevate your security game.

Copyright 2025 Approov
Episodes
  • The Punkt MC03: Can You De-Google Without the Headache?
    Jan 13 2026
    In this episode, we explore the landscape of "privacy-first" smartphones, focusing on the newly unveiled Punkt MC03. We break down whether this Swiss-designed, German-made device can finally offer a viable alternative to the data-harvesting giants of the mobile world. We discuss the trade-offs of leaving the Google ecosystem, the unique "subscription-based" operating system model, and whether the return of the removable battery signals a shift in hardware trends.
    Key Topics & Timestamps:
    • The "De-Googled" Promise: The Punkt MC03 runs AphyOS, a custom version of Android that strips out Google Mobile Services to minimize background tracking and profiling.
    • AphyOS & The Subscription Model: Unlike standard Android phones, the MC03 relies on a subscription model (approx. $10/month after the first year) to fund security updates and infrastructure rather than selling user data to ad networks.
    • Security Architecture: The device splits the user experience into a secure "Vault" for vetted apps (like Proton and Signal) and a "Wild Web" environment for general Android apps, allowing users to isolate risky applications.
    • Hardware Highlights: The phone features a 6.67" OLED screen, IP68 rating, and a 5,200 mAh removable battery—a design choice driven by upcoming EU regulations regarding repairability.
    • Overcoming Past Failures: We discuss how the MC03 improves upon the "difficult-to-recommend" MC02 with a smoother onboarding process, an improved 64MP camera, and the option to install the Play Store for users who can't go fully cold-turkey.
    • The Competition: How the MC03 stacks up against other privacy-focused devices like the Murena Fairphone and other non-GMS ROMs like GrapheneOS.
    Sponsor: This episode is brought to you by Approov. Protect your mobile APIs from scripts, bots, and modified apps. Ensure that the requests you receive are from the genuine mobile app you released.
    • Visit approov.com to learn more about comprehensive mobile app security.
    Relevant Links & Source Materials:
    • ZDNET Review: Want real phone privacy? This $700 handset promises it – Coverage of the US launch, pricing, and removable battery features.
    • Android Police Coverage: Can you de-Google without the headache? – An in-depth look at the onboarding improvements and specs.
    • Punkt Official Site: The MC03 Product Page – Direct specs and philosophy from the manufacturer.
    • Murena / /e/OS: The Murena Fairphone Review – Context on the competitor mentioned in the episode.
    Keywords: Punkt MC03, AphyOS, Non-GMS, De-Google, Mobile Privacy, Data Sovereignty, Removable Battery, Android Security, Fairphone, Murena, Apostrophy OS, Mobile Security.

    Disclaimer: Information regarding pricing ($699 device / $10 monthly sub) and release dates (Spring 2026 for US) is based on reports from ZDNET and Android Police coverage of CES 2026.

    🎙️ Upwardly Mobile is hosted by Skye Macintyre & George McGregor. 🛡️ Sponsored by Approov: The only comprehensive solution for mobile app and API security. 👉 Subscribe & Review: Upwardly Mobile | Podcast

    This episode includes AI-generated content.
    11 mins
  • Unmasking "Wonderland" – The New Wave of Android Droppers & SMS Stealers
    Jan 6 2026
    In this episode of Upwardly Mobile, we dive deep into the evolving landscape of Android malware. We break down the emergence of Wonderland (formerly WretchedCat), a sophisticated SMS stealer targeting users in Uzbekistan through legitimate-looking "dropper" applications. We explore how threat actors, specifically the "TrickyWonders" group, are leveraging Telegram and malicious ad campaigns to bypass security checks and hijack devices. We also discuss the broader trend of Malware-as-a-Service (MaaS), including new threats like Cellik, Frogblight, and NexusRoute that are lowering the barrier to entry for cybercriminals globally. From real-time screen streaming to bypassing Google Play protections, we analyze the tactics defining modern mobile security threats.
    Key Topics Discussed:
    • The Rise of Droppers: How malware operators are shifting from "pure" Trojans to "droppers" (like MidnightDat and RoundRift) that appear harmless to evade detection before deploying payloads.
    • Wonderland's Capabilities: How this malware establishes bidirectional communication to intercept OTPs, steal contacts, and execute USSD requests.
    • The MaaS Economy: A look at the "Cellik" RAT, which offers one-click APK building to bundle malware inside legitimate apps, and "Frogblight," which targets users via fake court documents.
    • Government Impersonation: How "NexusRoute" is targeting users in India by mimicking government service portals to steal financial data and UPI PINs.
    • Defense Strategies: The importance of blocking unknown source installations and monitoring for suspicious SMS/USSD patterns.
    Sponsored By: This episode is brought to you by Approov. Stop mobile app abuse and API misuse. Ensure that the requests your API handles are from the genuine mobile app running on a safe mobile device. 👉 Visit our sponsor: https://approov.io
    Relevant Links & Source Materials:
    • The Hacker News: Android Malware Operations Merge Droppers, SMS Theft, and RAT Capabilities at Scale
    • SC Media: Android malware Wonderland evolves with dropper apps targeting Uzbekistan
    • Cypro: Security Analysis of Android Malware Operations
    Keywords: Android Malware, Wonderland, SMS Stealer, Dropper Apps, Mobile Security, Remote Access Trojan (RAT), TrickyWonders, Cybersecurity, One-Time Password (OTP) Theft, Malware-as-a-Service, Approov.

    This episode includes AI-generated content.
    11 mins
  • 2026 Mobile API and AI Security Predictions
    Dec 29 2025
    Episode Summary: In this episode of Upwardly Mobile, we audit the accuracy of Approov’s 2025 cybersecurity forecast. Of the seven trends predicted, four proved to be "absolutely correct." We break down these key hits: the dual-use of AI by attackers and defenders, the undeniable dominance of cross-platform development, the crackdown on open-source supply chain risks, and the heavy impact of new global breach reporting mandates.

    The 4 Mobile Security Trends That Defined the Year

    Key Topics — The 4 Correct Predictions:
    1. AI’s Double-Edged Sword: We discuss how 2025 wasn't just about AI hype—it was about operational impact. Attackers utilized LLMs to lower the bar for API abuse and generate scripts to bypass WAFs, while defenders leaned on AI for anomaly detection and scan interpretation to speed up code reviews.
    2. Cross-Platform is King: The prediction that cross-platform development would be "the way forward" held true. We analyze how Flutter and React Native maintained dominance in 2025, becoming the norm for enterprise and fintech apps, though Huawei’s HarmonyOS remained a regional outlier.
    3. The Open Source Crackdown: Scrutiny on open-source software (OSS) intensified as predicted. With attackers targeting ecosystems like npm and PyPI, and regulations like the EU CRA enforcing SBOMs, organizations were forced to verify their supply chains and adopt runtime protection to catch tampering.
    4. The Breach Reporting Crunch: Approov correctly forecasted that breach reporting would demand massive investment. With the EU NIS2 Directive and PCI DSS 4.0 coming into full effect, the focus shifted from simple disclosure to operational resilience—requiring companies to report incidents in hours, not days.

    Featured Resources & Links:
    Approov Report: Approov Predicted 7 Mobile Cybersecurity Trends for 2025 - Did They Happen? – The full retrospective on which predictions hit the mark and which were too optimistic (like the adoption of certificate pinning).
    Expert Insights: LW Roundtable: Mandates Surge, Guardrails Lag – Further reading on the friction between compliance mandates and security realities.

    Sponsor: This episode is brought to you by Approov. Don’t let your mobile app be the weak link. Approov provides comprehensive runtime security, ensuring that only your genuine app communicates with your API.
    Visit: approov.io
    Solutions: Runtime Secrets Protection and Mobile API Security.

    Keywords: Mobile Security, Cybersecurity Predictions, AI Threats, Flutter, ReactNative, Open Source Security, SBOM, NIS2 Compliance, Supply Chain Attacks, Approov, API Security.

    This episode includes AI-generated content.
    12 mins