Twitter recently announced that on December 24, 2019, it became aware of a large network of fake accounts that were abusing the company’s API to match phone numbers to user’s accounts. Twitter noted that these attacks may be connected to state-sponsored actors from Iran, Israel, and Malaysia.
Today at one of Google I/O’s morning sessions, Svetoslav Ganov (Android Team engineer) and Charmaine D’silva (product manager) discussed some of the privacy changes in Android Q. They also highlighted best practices for building privacy forward apps.
This is the eighth part of ProgrammableWeb’s series on Understanding the Realities of API Security based on testimony by ProgrammableWeb’s editor-in-chief David Berlind to the ONC’s API Security and Privacy Task Force. This part looks at how to mitigate the security risks associated with APIs.