Appcelerator safe from DROWN Attack

Last week the DROWN Attack vulnerability was announced. It affects secure websites and other services using SSLv2 and TLS encryption. We took immediate action to disable SSLv2 on the handful of services where it had been enabled. All of our sites and services are now secure from this vulnerability. This includes ArrowDB and Arrow Cloud. […]

Update on recent Google Security Alerts

In February, a number of Titanium developers received Google Security Alerts for their apps. To learn more about this alert, see our initial blog post. TL;DR Owing to a somewhat simplistic security scan, Google has flagged an implementation of the X509TrustManager interface in a Titanium SDK class as unsafe. This class is by default not […]

Google Security Alert: Unsafe implementation of the interface X509TrustManager

UPDATE 3/9: Read our latest update on this issue. If you have a Titanium Android app in Google Play, you might receive an email from the Google Play Team or see a Security alert in the Google Play Developer Console. TL;DR Google detects a security issue in a Titanium class that by default is not […]

Five Practices for Secure Mobile Apps

By now, just about any IT pro or CIO has read dozens of stories on the Heartbleed bug, which exposed a flaw in the open-source OpenSSL cryptography library that hundreds of thousands of websites and mobile apps use to secure data in transit. Heartbleed is a big deal, but for most IT pros and CIOs, […]

Webinar: 5 Secrets to Deploy Secure Apps Your Employees Will Love

Join Appcelerator and MobileIron for this webinar! As enterprises increasingly mobilize their employees, mobile apps for employees are storming to the front and center of corporate priorities. Securely building, deploying, and managing mobile apps isn’t impossible! In this webinar, “5 Secrets to Deliver Secure Apps Your Employees Will Love,” Appcelerator and MobileIron share 5 […]

The Titanium SDK and Certificate Validation

At Appcelerator we pride ourselves on our open-source platform and the freedom it gives other developers in the community to review our code. Recently, we were contacted by Sascha Fahl, a security researcher at Leibniz University, who was concerned about some documentation in HTTPClient and the possibility of a man-in-the-middle attack with the default HTTPClient settings. As of the moment, […]

