• Sven Schleier's Brain Dump Blog (Mobile AppSec Tech Blog)
• A 3-Part Mobile App Security Testing Checklist to Build Your Program
• Mobile App Session Replay & Its Privacy Impact
• How to Spot a Fake Android App
• How to Protect Mobile Apps from MiTM Attacks
• Peering Inside the Mobile Attack Surface
• How to Staff a Strong Mobile AppSec Team
• Think Twice Before Adopting Security By Obscurity in Kotlin Android Apps
• AppSec Threat Modeling: How to Map Your Mobile App Portfolio to OWASP MASVS
• How to Conduct Jailed Testing with Frida
• What to Look for When Reverse Engineering Android Apps
• Adventures in Remote Code Execution and Zip File Vulns — from Samsung and Vungle to ZipperDown
• Certificate Pinning and Hostname Verification: Don’t Get Pinned by a Mobile Man-In-The-Middle Attack
• A security analyst’s guide to NSAppTransportSecurity, NSAllowsArbitraryLoads, and App Transport Security (ATS) exceptions