CompTIA and viaForensics have just launched a new set of in-depth exams on mobile application security. The Mobile App Security+ exams are structured to ensure that candidates have the specific knowledge required to build native iOS or Android applications that secure local data, off-device communications, and back-end services.

Zetetic had an opportunity to review the exam objectives before launch, and they promise to ensure a solid foundation in a wide range of mobile security topics. If you're not yet convinced that mobile applications need an even greater focus on security, the article that accompanies the test program, Why Mobile App Development is a Risky Business, will change your mind by providing an realistic overview of common risks and challenges.

Registration for the Beta exams is free for a limited time (use promo codes "MAPS ADR Mkt beta" or "MAPS iOS Mkt beta") and definitely worth checking out for anyone building mobile applications today.

Discussing new tools and good techniques with Zetetic and The Guardian Project

On Thursday June 6th Zetetic and The Guardian Project will be hosting an evening of short talks and conversation about the how and why of building secure mobile applications that keep the user's data encrypted and hidden from prying eyes. We'll have a few short presentations on tools like SQLCipher, IOCipher, and NetCipher and how they can be used in modern applications. We'll answer questions about general strategies and specific toolkits, and our developers will be available to chat afterwards over pizza and beer.

The event will be held at New Work City in New York, a fantastic coworking and event space at the edge of Tribeca and Chinatown, from 7-10pm. If you'd like to join us, please RSVP on eventbrite.com (it's free) so we can have an idea of how many folks to expect.

The evening's agenda will feature two or three short presentations discussing what's involved in building more secure applications, why this should be a critical focus for all developers, and how to easily integrate tools into your own projects, followed by Q&A for each. We'll also hold a slot open for short talks from members of the community who would like to share information on security-related projects they are working on (send us a note if you'd like to present a bit about your project).

After the discussions wrap up, we'll break for snack and chat time, and will be available to discuss the toolkits involved and approaches to application security in general. We can answer questions in a one-on-one capacity, discuss future plans for these projects, and we'd love to get your feedback if you're already using SQLCipher or one of the Guardian toolkits.  

This will also be a good opportunity for those interested in the further development of these libraries to meet up in person, we're really looking forward to that. So please join us! Bring your own projects, tell us what you're working on, let's talk some crypto!

We're very excited to announce that Zetetic has been invited by Google to participate in the 2013 Developer Sandbox at the Google I/O conference.

We'll be featuring the newest release of STRIP, our highly rated secure password manager and data vault, and talking about our experience implementing multi-device synchronization using Google Drive and SQLCipher encrypted databases across four development platforms.

The Developer Sandbox will be a great opportunity to meet other developers. If you're at Google I/O this year and are interested in Google Drive integration, database encryption, or just need a password manager, please stop by and meet with us on Thursday, May 16.

We're excited to announce the release of STRIP 2, our most significant version yet, featuring several new features, bug fixes, and strengthened database security. Some of our favorite new features include:

• Sync via Google Drive
• A brand new iPad application
• Auto-lock for STRIP for Windows and STRIP for OS X
• Configurable field masking to hide sensitive data from view
• 40 brand new professionally designed icons 
• Improved synchronization speed
• Improved database security and tamper resistance
• Many other improvements and bug fixes

The new version of STRIP is available immediately for all platforms: iPhone, iPad, Android, Windows, and OS X. Read on for a full list of changes.

Introducing STRIP for iPad

We’re especially proud to release a new native version of STRIP for the iPad, with all features optimized for your tablet's interface.

Checkout STRIP for iPad in the iTunes App Store

Important Note: STRIP for iPad is available as an optional separate purchase from the App Store. Please be assured that we are still very committed to STRIP for iPhone, which has received all of the same feature updates in STRIP 2, still works on the iPad, and will continue to be a core supported STRIP platform.

Important Upgrade Notes

Instructions for updating each STRIP are available on our FAQ.

• Please backup your mobile devices and desktop databases before upgrading, either via WiFi or Dropbox.
• After the upgrade, password and PIN fields will be masked by default using dots to hide your most sensitive data from onlookers. You can quickly reveal these values, copy them to the clipboard, or disable this feature globally. Learn More about Masking »
• To improve security and accomodate service updates you will need to reconfigure Desktop synchronization in OSX and Windows under the Preferences Window after upgrading. Learn More about Syncing »
• When you log in to STRIP 2 for the first time the database format will be updated. Due to database file and feature improvements, STRIP 1.x will not sync with STRIP 2. Therefore, you should plan to update all of your devices and applications to STRIP 2 at around the same time. More information is available on our upgrade FAQ.

Goodbye, StripSync

Finally, we must announce the final end of support for StripSync, the old and venerable backup application that was officially retired in May 2012. While StripSync continued to work over the past year, the new version of STRIP breaks compatibility in order to provide new features and security improvements.

STRIP mobile customers using StripSync can now backup and synchronize multiple devices for free using Google Drive or Dropbox. Users interested in a desktop application are encouraged to check out STRIP for Windows and STRIP for OS X which provide a full-featured editing interface plus support for both WiFi and cloud synchronization. Learn more about replacing Strip Sync ».

We're Here to Help

Full List of Changes

Here is a full list of all the changes in the new version.

STRIP for Windows and OS X

• Sync with Google Drive or Local Folder
• Optional masking and hiding of fields from display (automatically enabled for passwords and PINs) 
• Automatic lock when not in use (configurable in Preferences) 
• New field control with options to create new labels and random values 
• Improved long note editing and line breaks 
• Right-click on fields for quick access Context menu with Copy, Delete, Hide / Show, and Random generator options 
• New random password generator available
• 40 new professionally designed icons 
• Enables new database security features (tamper resistence via per-page HMAC protection)
• Allows renaming of backup files in Backups 
• Optional OS X notification when STRIP locks automatically 
• Integrity Check detects and fixes missing local replica ID 
• Quick "Lock Now" hotkey and menu item
• New Sync options, Menu, and Preferences 
• WiFi sync service no longer enabled by default, see Preferences to enable
• Fix: Height of note field is properly redrawn to fit content of note field after editing 
• Fix: Launch web URLs entered without leading "http://" scheme 
• Fix: Errors during backup include actual error message 
• Fix: Integrity Check adds entry records to the Unfiled category 
• Fix: Re-ordering of fields on edit is now saved immediately 
• Fix: Sort labels by name in Customize Labels 
• Fix: Non-default backup preference is retained 
• Fix: Diacritic characters in password no longer cause authentication failure during WiFi sync 
• Fix: Allows large note field editing on Mac OS X 10.6 
• Fix: Command+Q will quit STRIP for OS X even when when application is locked

STRIP for iPhone and Android

• New option to sync with Google Drive
• Optional masking and hiding of fields from display (automatically enabled for passwords and PINs) 
• Improved random password generator
• 40 new professionally designed icons 
• Quick "Lock Now" button added to Preferences
• Remembers manually entered Sync addresses and hostnames
• New alternate font display preference
• Enables new database security features (tamper resistence via per-page HMAC protection)
• Displays preview of note fields on entry view 
• Improved sync performance

We are planning to gather a group of users to participate in a private beta of SQLCipher for Android. We are looking for individuals who already have some experience integrating SQLCipher for Android into their application and have an interest how the library evolves in the future. This group will have access to new builds of SQLCipher for Android along with private communications with Zetetic to provide feedback as changes are made.

We have recently been in discussion with members of the Android development team at Google where they have been helpful in testing out some changes to SQLCipher for Android on an upcoming Android platform release. While this is very benefitial, we would like to reach out to the community to further understand how changes to the library may impact you in the future.

If you are interested in helping SQLCipher for Android evolve in the future, and are willing to actively test, provide feedback on new builds, and contribute test cases, you can contact us to be considered for the private beta. Please send emails to support@zetetic.net and include a bit of inforomation about your app and how you currently use SQLCipher in your request. Thanks!