see 2021
Session / Identity for Security

Mobile Application Impersonation

Tuesday, June 22
3:00pm - 3:25pm MDT

In many of today's mobile application deployments, the implementations of OpenID Connect and OAuth2 are susceptible to app impersonation. This is because mobile applications are classified as "public" clients (they cannot protect a secret), so there is no mechanism for client authentication and only limited mechanisms for callback protection. This talk will describe how the attacks work today and the mitigations that protect your mobile applications from such threats.