Is security an afterthought when designing apps?

Mobile applications only become really useful when combined with cloud-based services. We have observed that the increasingly short time to market can cause serious design flaws in the security architecture. In this talk I will highlight some flaws discovered in the past. For example, we examined nine popular mobile messaging and VoIP applications and evaluated their security models with a focus on authentication mechanisms. We found that a majority of the examined applications use the user's phone number as the unique token that identifies an account, and that they contain vulnerabilities allowing attackers to hijack accounts, spoof sender IDs or enumerate subscribers. Other examples concern (already fixed) problems in cloud-based storage services such as Dropbox.