In this episode of Upwardly Mobile, we dive into the significant legal challenges facing major technology companies—Apple, Google (Alphabet), and Meta Platforms—as they are forced to defend themselves against class action lawsuits alleging that they promoted and profited from illegal social casino gambling apps. A recent ruling by U.S. District Judge Edward Davila in San Jose, California, denied the companies' requests to dismiss the lawsuits. The plaintiffs, numbering in the dozens, contend that the companies' platforms—Apple’s App Store, Google’s Play Store, and Meta’s Facebook—promoted an “authentic Vegas-style experience of slot machine gambling” through an allegedly illegal racketeering conspiracy. Key Takeaways from the Litigation:

• The Liability Claim: The core claim is that the defendants "willingly assist, promote and profit from" allegedly illegal gambling. This is achieved by:
  • Offering users access to the apps through their stores.
  • Taking a substantial percentage of consumer purchases (estimated at 30% commission, totaling over $2 billion) on in-app transactions for items like Game Coins and Sweeps Coins.
  • Processing these allegedly illicit transactions using proprietary payment systems.
  • Using targeted advertising to "shepherd the most vulnerable customers" to the casino apps.
• The Section 230 Defense Rejected: Apple, Google, and Meta argued that Section 230 of the federal Communications Decency Act protected them from liability because this law shields online platforms from lawsuits over third-party content. Judge Davila rejected this argument, finding that the companies did not act as "publishers" when processing payments. The judge emphasized that the "crux of plaintiffs’ theory is that defendants improperly processed payments for social casino apps".
• "Neutral Tools" Argument Undercut: The court called it irrelevant that the companies provided "neutral tools" (like payment processing) to support the apps.
• Damages Sought: The lawsuits seek unspecified compensatory and triple damages, among other remedies.
• Appeals and Case History: Judge Davila allowed the defendants to immediately appeal his decision to the 9th U.S. Circuit Court of Appeals, acknowledging the importance of the Section 230 issues. The litigation against the Silicon Valley-based companies began in 2021.
• Additional Suits: Separately, a new lawsuit was filed against Apple and Google by lead Plaintiff Bargo (not naming the social casino operators), alleging the distribution of "patently illegal gambling software" in New Jersey and New York. This complaint includes legal claims under NJ and NY gambling loss recovery statutes, consumer protection laws, and RICO laws.

Sponsor Message: This episode of Upwardly Mobile is brought to you by our sponsor. Learn how to secure your mobile app business today. Visit approov.io. Relevant Source Materials & Case Information:

• Article Reference (Legal Analysis): Excerpts from "Apple and Google Hit with New Social Casino Gambling Lawsuit," National Law Review (October 02, 2025). (Article written by James G. Gatto of Sheppard, Mullin, Richter & Hampton LLP).
• Article Reference (News): "Apple, Google, Meta must face lawsuits over gambling apps," Honolulu Star-Advertiser (Oct. 1, 2025).
• Article Reference (Judicial Denial): "Judicial Denial for Tech Giants in Casino App Lawsuits" (Sept 30).
• Amicus Brief Reference: In re: Casino-Style Games Litigation (Nos. 22-16914, 22-16916, 22-16888, 22-16889, 22-16921, 22-16923) U.S. Court of Appeals for the Ninth Circuit.
• District Court Case Reference (Northern District of California): In re Apple Inc App Store Simulated Casino-Style Games Litigation, No. 21-md-02985; In re Google Play Store Simulated Casino-Style Games Litigation, No. 21-md-03001; and In re...

In this critical episode of Upwardly Mobile, we delve into the alarming cybersecurity incident involving massive data exposure stemming from misconfigured Firebase servers. Cybersecurity researchers uncovered a breach that exposed the sensitive information and plaintext passwords of over 1.8 million users. This wasn't the result of sophisticated hacking, but rather "basic negligence" and developers failing to implement standard security settings.
We discuss why Firebase, Google's popular backend-as-a-service (BaaS) for mobile apps
, has become a liability risk when developers neglect configuration best practices.
What was exposed and the devastating scope of the leak:
The scope of this data leak is massive, involving publicly accessible Firebase real-time databases used by more than 900 mobile applications, predominantly Android-based
. These affected apps spanned categories including health, fitness, education, and finance.
The highly sensitive user data exposed included:
• Plaintext passwords (unencrypted)
• Usernames, email addresses, and phone numbers
• Billing information
• High-privilege API tokens, AWS root access tokens, and private chat logs
• Millions of user ID photos
.
The Failure of Security as an Afterthought:
Experts warn that storing plaintext passwords on open cloud databases in 2025 is "reckless"
. The breach occurred because developers failed to secure their Firebase instances, often by extending insecure "test-mode" configurations or inadvertently leaving production environments vulnerable. Responsibility for this preventable disaster lies with both the developers and Firebase itself, for allowing insecure default settings.We also explore the technical mechanism behind these breaches: Automated scanning tools (like OpenFirebase) are actively exploiting this vulnerability by parsing Android Package Kit (APK) files to extract Firebase project IDs, API keys, and subsequently probing service URLs for unauthenticated access.
This incident serves as a strong wake-up call for the tech industry, emphasizing the critical need for mandatory security training and treating security as a core function of software development—not an afterthought.
--------------------------------------------------------------------------------
🛡️ Sponsor: Approov
Protect your mobile APIs and prevent automated attacks that exploit hardcoded secrets and misconfigurations. Secure your apps from the client-side up.
Learn more and protect your platform at https://approov.io.
--------------------------------------------------------------------------------
Source Materials & Links
• Article 1: "Massive data leak exposes passwords of 1.8 million users through misconfigured Firebase servers," ZENDATA (May 25, 2025).
• Article 2: "Numerous Applications Using Google's Firebase Platform Leaking Highly Sensitive Data," Cyber Security News (September 25, 2025).
--------------------------------------------------------------------------------
Keywords: Data Leak, Firebase Security, Plaintext Passwords, Cybersecurity, Mobile App Security, Google Firebase, Cloud Misconfiguration, Data Breach, Developer Negligence, API Security, Android Security, BaaS, App Development.

Neon's Data Disaster: How a Viral AI App Exposed 75,000 Users and Went Dark
In this urgent episode of Upwardly Mobile, we break down the spectacular rise and immediate fall of the highly controversial mobile application, Neon. The app, which recently topped the charts and went viral on platforms like TikTok, promised users payment in exchange for recording their phone calls. These recordings were then sold to AI companies for training. However, less than 24 hours after gaining widespread attention, a significant security flaw was discovered. According to reports from TechCrunch, this flaw allowed public access to extremely sensitive user data. The Security Catastrophe The call-recording app had rapidly climbed the App Store ranks, reporting 75,000 downloads in a single day. Despite its rapid growth, Neon was forced offline after the security issue was discovered by TechCrunch. The flaw was so severe that it allowed anyone utilizing a network analysis tool to access private information belonging to other users. Exposed data included:

• Users' phone numbers.
• Call recordings and accessible URLs to the raw audio files.
• Text transcripts of the recorded calls.
• Detailed metadata connected to the calls, including the phone number of the person called, the time and duration of the call, and the amount earned from the call.

The Company Response Following the discovery, Neon founder Alex Kiam sent an email to customers notifying them of the app's temporary shutdown. Kiam stated that they were taking the app down to "add extra layers of security" because "Your data privacy is our number one priority". However, it is crucial to note that the email failed to warn users about the specific security issue or that their phone numbers, call recordings, and transcripts had been exposed. TechCrunch noted that although the app's servers were taken down, rendering the app useless, it remained available in the App Store. If Neon does make a comeback, it will certainly receive increased scrutiny regarding its security protocols. Secure Your Mobile Infrastructure with Our Sponsor In a world where mobile app security flaws can rapidly expose millions of data points, protecting your back-end servers and APIs is non-negotiable. Our episode today highlights the critical importance of mobile app protection from the get-go. Learn how to implement proactive mobile security measures. Visit: approov.io Relevant Source Materials & Further Reading

• Excerpts from "Neon, the viral app that pays users to record calls, goes offline after exposing data | Mashable"
• Excerpts from "Viral call-recording app Neon goes dark after exposing users' phone numbers, call recordings, and transcripts | TechCrunch"

Keywords: Neon app security flaw, AI training data, call recording app, data privacy, cybersecurity, mobile app data exposure, Alex Kiam, App Store security, TechCrunch exclusive, data breach, viral app failure, mobile security. 

Google's Legal Gauntlet: Antitrust Battles and the Future of the App Ecosystem 

This week on Upwardly Mobile, we dissect the flurry of major legal decisions facing Google in September 2025, from its desperate plea to the Supreme Court to halt the Epic Games injunction to the final ruling in the federal search monopoly case. We explore the massive shifts coming to the Android app ecosystem and Google's mandated business practice changes. Episode Notes September 2025: A Critical Month for Google's Antitrust Defense Google is challenging two massive antitrust rulings simultaneously, initiating what the sources describe as its "last hope" to maintain control over core business functions. Part 1: The Epic Games Showdown at the Supreme Court Google has asked the U.S. Supreme Court to intervene and pause the injunction it received following a major legal loss to Epic Games in October 2024. The company is seeking a decision on the stay by October 17, just days before the injunction is scheduled to take effect around October 20 or 22. The injunction, upheld by the Ninth Circuit Court of Appeals, requires Google to make several fundamental changes to the Google Play Store and the Android app ecosystem:

1. Open the Play Store: Google must allow users to download and use third-party app stores for a period of three years.
2. External Billing: Google is no longer allowed to force developers to use its billing system; developers must be allowed to include external links in apps, enabling users to bypass Google’s billing system.
3. End Pre-Install Deals: Google can no longer make deals around pre-installing the Play Store on phones.

Google argues that this "unprecedented antitrust injunction" will "[create] enormous security and safety risks" by allowing the proliferation of stores that stock "malicious, deceptive or pirated content". Furthermore, Google claims the injunction burdens developers with constantly monitoring numerous stores and makes it substantially easier for developers to avoid compensating Google for services. Epic Games strongly disagrees, stating that Google continues to rely on "flawed security claims" rejected by the jury and the Ninth Circuit. Epic maintains that the injunction should go into effect so consumers and developers can benefit from competition, choices, and lower prices. Part 2: The Search Monopoly Ruling In a separate, long-running federal monopoly case, U.S. District Judge Amit Mehta ruled on remedies following his earlier decision that Google had acted illegally to maintain a monopoly in internet search. Key aspects of Judge Mehta's September 2025 ruling include:

• No Divestiture of Chrome/Android: The judge denied the Department of Justice's proposal to force Google to sell its Chrome browser or divest the Android operating system, ruling that the government had "overreached".
• End Exclusive Deals: Google is no longer permitted to strike exclusive deals around the distribution of search, Google Assistant, Gemini, or Chrome. For example, Google cannot require device makers to pre-load its apps in order to gain access to the Play Store.
• Data Sharing: Google must share some of its search data with competitors going forward to narrow the "scale gap" created by exclusive distribution agreements. (Google is not required to share data related to its ads).

Google called the decision "largely a win" but expressed concerns about the requirements to share Search data and the new limits imposed on how Google distributes its services.

🛡️ Sponsored by Approov

As discussions around third-party app stores and sideloading intensify due to the Epic v. Google injunction, the need for robust mobile app security is paramount. Approov provides essential security solutions for developers navigating these new challenges. Approov offers mobile app attestation...

Episode Notes
Description:
In this episode of Upwardly Mobile, we dive into one of the most pressing cybersecurity threats facing mobile carriers and their subscribers: eSIM swap fraud. While digital SIMs offer superior security against physical theft, they remain vulnerable to sophisticated credential-based attacks and social engineering that target the carrier's systems. We explain how this critical fraud operates and reveal the advanced, cloud-based technologies—App Attestation and Device Binding—that mobile operators are now deploying to verify user identity and device integrity in real time, effectively blocking fraudsters before a swap can be completed.
The eSIM Swap Threat
eSIM swapping is a form of identity fraud where an attacker convinces a mobile carrier to transfer a victim's phone number to a new eSIM under the attacker's control, often by impersonating the legitimate user remotely.
• Attack Method: Attackers often gather personal details from public sources or breaches, then contact the carrier, claiming they need to transfer their number to a new device. Since no physical access is needed, the fraud relies entirely on weaknesses in the carrier’s authentication process.
• The Impact: Once a swap is successful, the criminal gains full control over the victim's phone number. They can intercept calls, texts, and, critically, one-time security codes (OTPs) sent via SMS, allowing them to bypass two-factor authentication (2FA) for online banking, cryptocurrency exchanges, and other sensitive accounts, leading to massive financial loss.
The Technical Solution: Attestation and Binding
To counter these remote, identity-based attacks, carriers are adopting a multi-layered verification approach focused on establishing the trustworthiness of the application and the hardware initiating the swap request.
1. App Attestation
This technology focuses on verifying the integrity and legitimacy of the carrier's mobile application.
• Verification: App Attestation confirms that the carrier's app being used is the genuine, untampered version downloaded directly from an official app store.
• Prevention: It detects if the app has been modified with malicious code or is running in a compromised environment, such as an emulator. If an attacker attempts to use a fake or compromised version of the carrier’s app to initiate a fraudulent eSIM swap request, app attestation detects and blocks that request.
2. Device Binding
Device Binding provides a cryptographic link between a user's account and the unique hardware characteristics of their trusted device.
• Secure Link: When a user first logs in, a secure link is created between the app and the device's hardware IDs.
• Suspicion Flagging: If a request for an eSIM swap is later initiated from a different, unverified device, the system flags the activity as suspicious, regardless of whether the attacker has stolen credentials. The system can then require additional verification steps or outright deny the unauthorized transfer.
This combined approach shifts the security decision-making from the potentially compromised user device to a secure cloud service, making it extremely difficult for attackers to bypass checks through client-side tampering or reverse-engineering.
Comprehensive Security Layers for Mobile Carriers
Beyond app and device verification, mobile carriers are advised to strengthen defenses through systemic controls:
• Stricter Authentication: Implementing secure authentication processes for eSIM transfers,...

In this episode, we're diving deep into Apple's groundbreaking Memory Integrity Enforcement (MIE), an unprecedented effort poised to redefine the landscape of mobile security, and we'll also explore the broader spectrum of threats targeting the iOS ecosystem.

Apple's Memory Integrity Enforcement (MIE) is the culmination of a half-decade of intensive design and engineering, combining the unique strengths of Apple silicon hardware with advanced operating system security. Apple believes MIE represents the most significant upgrade to memory safety in the history of consumer operating systems. This comprehensive, always-on protection is designed to provide industry-first memory safety across Apple devices, all without compromising device performance.

The Driving Force: Combating Mercenary Spyware While the iPhone has never experienced a successful, widespread malware attack, Apple's focus for MIE is primarily on the mercenary spyware and surveillance industry. These highly sophisticated threats, often associated with state actors, utilize exploit chains that can cost millions of dollars to target a small number of specific individuals. A common denominator in these advanced attacks, whether targeting iOS, Windows, or Android, is their reliance on memory safety vulnerabilities. MIE aims to disrupt these highly effective exploitation techniques that have been prevalent for the last 25 years.

How MIE Works: A Three-Pronged Defense MIE is built on a robust foundation of hardware and software innovations:
1. Secure Memory Allocators: Apple's efforts in memory safety include developing with safe languages like Swift and deploying mitigations at scale. Key to MIE are its secure memory allocators, such as kalloc_type (introduced in iOS 15 for the kernel) and xzone malloc (for user-level in iOS 17), alongside WebKit's libpas. These allocators use type information to organize memory, thwarting attackers' goals of creating overlapping interpretations of memory to exploit use-after-free and out-of-bounds bugs.
2. Enhanced Memory Tagging Extension (EMTE): Building on Arm's 2019 Memory Tagging Extension (MTE) specification, Apple conducted deep evaluations and collaborated with Arm to address weaknesses, leading to the Enhanced Memory Tagging Extension (EMTE) specification in 2022. MIE rigorously implements EMTE in strictly synchronous, always-on mode, a crucial factor for real-time defensive measures in adversarial contexts. EMTE prevents common memory corruption types:
    ◦ Buffer Overflows: The allocator tags neighboring allocations with different secrets. If memory access spills over into an adjacent allocation with a different tag, the hardware blocks it, and the operating system can terminate the process.
    ◦ Use-After-Free Vulnerabilities: Memory is retagged when reused. If a request uses an older, invalid tag for retagged memory, the hardware blocks it. EMTE also specifies that accessing non-tagged memory from a tagged region requires knowing that region’s tag, making it harder for attackers to bypass EMTE.
3. Tag Confidentiality Enforcement: This critical component protects the implementation of Apple's secure allocators and the confidentiality of EMTE tags, even against side-channel and speculative-execution attacks. Apple's silicon implementation prevents tag values from influencing speculative execution, a vulnerability seen in other MTE implementations. Furthermore, MIE addresses Spectre variant 1 (V1), a speculative-execution vulnerability, with a mitigation designed for virtually zero CPU cost, making it impractical for attackers to leak tag values and guide attacks.
Impact and Availability Memory Integrity Enforcement is built right into Apple hardware and software in all iPhone 17 and iPhone Air models, offering unparalleled, always-on...

The App Store Freedom Act

Episode Description: In this episode of Upwardly Mobile, we unpack the App Store Freedom Act, a landmark bipartisan bill aiming to reform the highly concentrated mobile app marketplace dominated by tech giants like Apple and Google. Introduced by Representative Kat Cammack (R-FL) and co-sponsored by Representative Lori Trahan (D-MA), this legislation addresses significant concerns about anti-competitive practices, consumer choice, and developer freedom.
The Coalition for App Fairness (CAF), an independent nonprofit advocating for consumer choice and a level playing field for app developers, applauds the bill's bipartisan support, seeing it as a crucial step to dismantle "mobile walled gardens". We explore the bill's key provisions, which include allowing users to choose third-party app stores, install apps outside of official stores, and delete pre-installed applications. The Act also seeks to remove limitations on communication between developers and users, cap commissions on payments outside default systems, and mandate data sharing for app developers.
However, the App Store Freedom Act isn't without its critics. We delve into the concerns raised by the American Action Forum, particularly regarding potential overlaps with existing antitrust law and recent rulings like Apple v. Epic Games. A major point of contention is the security implications: opening up app stores could lead to a significant influx of fraudulent apps, data theft, and unverified third-party providers, potentially compromising the "walled garden" security benefits that currently protect users. We also discuss how while the bill might expedite FTC enforcement, it could bypass crucial antitrust requirements, potentially overlooking pro-consumer behaviors by app store providers. Join us as we explore the multifaceted debate surrounding this pivotal piece of tech legislation.
Key Discussion Points:
• The Problem: Anti-competitive practices and lack of consumer freedom in mobile app stores controlled by Apple and Google.
• The Bill's Purpose: To foster competition, enhance consumer choice, and create a level playing field for app developers globally.
• Core Provisions of the App Store Freedom Act (H.R.3209):
    ◦ Interoperability: Users can choose default third-party app stores, install apps from outside sources, and hide/delete pre-installed apps.
    ◦ Open App Development: Requires covered companies to provide developers with access to interfaces, hardware, and software features on equivalent terms.
    ◦ Prohibitions: Bans requirements for specific in-app payment systems, prevents punitive actions against developers using alternative pricing or payment methods, and protects legitimate business communications between developers and users.
    ◦ Nonpublic Business Information: Prohibits covered companies from using developer data to compete against those apps.
• Enforcement: Violations are treated as unfair or deceptive acts by the Federal Trade Commission (FTC), with potential civil penalties up to $1,000,000 per violation. State attorneys general can also bring civil actions.
• Overlap with Existing Law & Apple v. Epic Games: Discussion on whether new legislation is fully necessary given previous court rulings that addressed similar anti-steering practices.
• Security Concerns: Analysis of how opening the "walled garden" could impact user safety, potentially leading to fraudulent apps, stolen data, and unverified third-party providers.
• Balancing Act: The trade-offs between promoting competition and maintaining user security and convenience.
Relevant Source Materials for this Summary:
• "CAF...

Episode Title: Anatsa Unleashed: How a Sophisticated Android Banking Trojan Targets Over 830 Financial Apps Globally

In this episode of "Upwardly Mobile," we dive deep into the alarming evolution of Anatsa, a potent Android banking trojan that has significantly expanded its reach, now setting its sights on over 830 financial applications worldwide
. First identified in 2020, Anatsa (also known as Teabot or Troddler) grants its operators full control over infected devices, enabling them to perform fraudulent transactions and steal critical bank information, cryptocurrencies, and various other data on behalf of victims.
What You'll Learn in This Episode:
• Anatsa's Expanded Targets: Discover how the Anatsa banking trojan has broadened its scope to include more than 150 new banking and cryptocurrency applications, extending its malicious campaigns to mobile users in new countries like Germany and South Korea
.
• Deceptive Distribution Methods: Understand the cunning ways Anatsa spreads, primarily through decoy applications found on the official Google Play Store
. These seemingly harmless apps often masquerade as useful tools like PDF viewers, QR code scanners, or phone cleaners, accumulating over 50,000 downloads in some cases. Once installed, they silently fetch a malicious payload disguised as an update from Anatsa's command-and-control (C&C) server.
• Advanced Evasion Techniques: Learn about Anatsa's sophisticated anti-analysis and anti-detection mechanisms, designed to evade security measures. These include decrypting strings at runtime using dynamically generated Data Encryption Standard (DES) keys, performing emulation and device model checks, and periodically altering package names and installation hashes
. The malware even hides its DEX payload within corrupted archives that bypass standard static analysis tools.
• How Anatsa Compromises Devices: Find out how Anatsa requests and automatically enables critical accessibility permissions upon installation. This allows it to display overlays on top of legitimate applications, tamper with notifications, receive and read SMS messages, and ultimately present fake banking login pages to steal credentials
. The trojan also incorporates keylogging capabilities.
• Industry Response: Hear about the efforts of cybersecurity firms like Zscaler, which identified and reported 77 nefarious applications distributing Anatsa and other malware families, collectively accounting for over 19 million downloads
. While Google has since removed these reported applications and states that Google Play Protect offers automatic protection, the continuous evolution of Anatsa highlights the ongoing threat.
Protect Yourself: Cybersecurity experts advise Android users to always verify the permissions that applications request and ensure they align with the intended functionality of the app
.
--------------------------------------------------------------------------------
Relevant Links to Source Materials:
• Source 1: SecurityWeek Article on Anatsa: "Anatsa Android Banking Trojan Now Targeting 830 Financial Apps"
• Source 2: Zscaler ThreatLabz Report: "Anatsa’s Latest Updates | ThreatLabz"
• Source 3: BSI Report on Anatsa: Show more...