Introducing Malloc App Security

We created a library that helps you protect your mobile app from spyware, fraud, and hacking attempts in real-time.

Three years ago, we launched Malloc — a mobile app that has been downloaded by more than 1 million users to protect their devices from spyware, phishing, data trackers, and other online threats. Through this journey, we’ve learned a lot about spyware and hacking attempts!

1. Advanced spyware injects code into vulnerable libraries in your app to steal your data.
2. You can’t rely on the user providing the correct username and password to protect from fraud — the dark web is full of credentials and phishing calls have become an everyday reality.
3. You need app security tools that can operate in real-time.

Let me elaborate.

Did you know that advanced spyware such as Pegasus and Predator attack your apps by penetrating into vulnerable libraries?

Spyware tools like Pegasus from NSO and Predator can infiltrate devices without any interaction from the user, through zero-click exploits that take advantage of weaknesses in apps. This was how Jeff Bezos was hacked — his phone was compromised after receiving a malicious video file sent via WhatsApp, which led to a massive data breach and exposed sensitive information. All due to a vulnerable library WhatsApp was using.

At the same time, most app owners have no idea where their app sends data! Even we, at Malloc, developing a privacy and security app, discovered that our app was sending data to Facebook. Wait, what? YES! It was not us, of course — well yes and no. One of the libraries that we included in our app included the Facebook SDK, which allowed Facebook to collect our users’ data — ofcourse we acted on it and notify the library aswell.

In 2024, users are getting hacked by phishing calls, their credentials are available in the dark web, with the recent incident of Evolve Bank also affecting WISE. So protecting from spyware and vulnerable libraries is not enough. The personal data of millions of customers from all over the world are now on the dark web as a result of ransomware and other cyber attacks.

Calls from fake “support centers” asking for credentials or 2FA codes are an everyday reality, and many people fall into the trap.

In more sophisticated attacks, hackers exploit SIM swapping and port-out fraud to convince telephony providers that they are the legitimate account holders. Once they gain access to your SIM card, they use text-based 2FA to take control of accounts and apps. For example, Sharon Hussey, a woman living in Maryland, received an email from a Verizon store in California thanking her for purchasing a new phone. Shortly after, $17,000 was wiped from her account because an attacker had verified a new phone number with her bank and received the 2FA codes.

Most importantly, all apps that have been hacked, had some level of security protection. But none of them could protect their users and prevent the hacking attempt.

So we decided to do something about it and we created Malloc App Security! An SDK library that other apps can integrate to protect from spyware, fraud and hacking attempts.

With Malloc you can:

🚷 Block unwanted data sharing to unwanted domains, spyware, trackers, or countries.

🕵️‍♂️ Get notified when Malloc detects changes in the behavior of your app — with particular focus on its data collection and sharing practices. Detect vulnerabilities, changes in permissions, vulnerable libraries, tampering or repackaging

🔒 Protect from fraud. Malloc monitors and detects abnormalities in user behavior and characteristics and notifies you in real-time — this helps you identify when an attacker is using the app insted of the legit user.

❓ Why Malloc?

➡️ Existing mobile app security solutions focus on development or pre-release security. Malloc notifies you about abnormalities and vulnerabilities even after you have released it to the store and helps you protect your app and your users data in-real time without needing to release a new update.

➡️ Malloc offers you real-time monitoring and action for every device , for every user using your app. Protect your users by detecting abnormal behaviour.

➡️ Integrates in 3 lines of code!

➡️ Malloc’s performance improves over time. We use AI to detect anomalies in app usage behavior, fingerprinting, and domains contacted to help you better protect your app.

If you would like to try it out and protect your mobile app let us know at sales@mallocprivacy.com ! We are currently onboarding for pilots and have an exclusive offer for our very first users.