Apple vulnerability does not affect Alibaba APP

Apple vulnerability does not affect Alibaba APP

SourceDNA, an American application analysis service company, released a report on Monday saying that 1,500 iOS applications have "HTTPS-crippling" vulnerabilities and mentioned the "Alibaba.com" mobile application (Alibaba's overseas B2B business). Alibaba's mobile security team immediately confirmed the risk. The "Alibaba.com" mobile application has long used its own certificate strong verification measures, so it will not be affected by the SDK that broke out this time and other third-party SDKs, and there is no risk of user information leakage.

In addition, according to the implementation principle of this vulnerability, if a hacker wants to use the HTTPS-crippling vulnerability that has been exposed this time to attack applications with strong certificate verification, he must manually install the certificate on each mobile phone before launching an attack. This is almost impossible to achieve in actual scenarios. It is a low-risk vulnerability and users do not need to worry too much.

Alibaba attaches great importance to the protection of user information. For highly sensitive business data such as user information, transaction data, and order information, we use the industry's best security practices, continuously upgrade encryption algorithms, and use advanced signature encryption measures during data transmission to ensure the security of user information.

With the continuous development of mobile Internet, Alibaba has established a special mobile security department with many top security experts, and independently developed the "Ju Anquan" platform to escort Alibaba's mobile business throughout the process, providing real-time detection and comprehensive monitoring for all Alibaba mobile applications, and being able to discover risk vulnerabilities and malicious code in the first place and repair them in full. In addition, it uses self-developed security reinforcement and security component SDK functions to improve the security of Alibaba's APP code to prevent it from being attacked by hackers. The core information transmitted by the APP is also encrypted at multiple levels and cannot be decrypted through channels other than Alibaba.

Mobile Internet security requires the joint efforts of the whole society, so Alibaba has also opened its self-developed "Ju Anquan" platform to the industry and developers for free, providing full-link security services for more mobile apps. http://jaq.alibaba.com/

<<:  Facebook dominates mobile! Daily active users reach 800 million

>>:  If you turn on WiFi, your phone will be attacked fatally?

Recommend

How to create a hit marketing plan?

In 2019, we saw all kinds of people spreading kno...

Samsung is doomed? Which domestic mobile phone company can take over?

With powerful marketing methods and the hype crea...

How to make the voice you send sound better?

Addendum 1: Sorry to disappoint you! This article...

How to conduct refined data operation analysis?

The degree of refinement of efficient operations ...

Why do cacti have thorns?

When you think of cactus, what comes to mind firs...

Tips for increasing followers using Tik Tok algorithm!

What I’m going to show you today is how to quickl...

It’s 40℃ now. Will it get hotter? The answer may make you “crash”…

Recently, many parts of the country have seen hig...

Quantum computers: a three-step leap from the laboratory to changing the world

Quantum computers have been one of the hottest st...

Aite Tribe Stories (8): Following the Dream and Starting a Business

[51CTO.com original article] The fish who longs t...

Who is guaranteed a job after graduation? This animal "school" is not ordinary

Every spring we receive a large number of young o...