Identity for Security
Mobile Application Impersonation
Tuesday, June 22
3:00pm - 3:25pm MDT
In many of today's mobile application deployments, the implementations of OpenID Connect and OAuth2 are susceptible to app impersonation. This is because mobile applications are classified as "public" clients (they cannot protect a secret), so there is no mechanism for client authentication and only limited mechanisms for callback protection. This talk will describe how the attacks work today and the mitigations that protect your mobile applications from such threats.